A threat actor known as GlassWorm has escalated its campaign on Open VSX by abusing VS Code's extensionPack and extensionDependencies manifest fields to distribute malware transitively. Instead of embedding malicious loaders directly, attackers publish seemingly benign extensions and later update them to pull in GlassWorm-linked packages automatically. At least 73 malicious extensions have been identified since January 31, 2026. The campaign uses staged JavaScript execution, Russian locale/timezone geofencing, Solana transaction memos as dead drops, in-memory payload execution, and has evolved to use RC4/base64 obfuscation with decryption keys moved to HTTP response headers. Extensions impersonate popular developer tools including ESLint, Prettier, Angular, Flutter, and even AI coding tools like Claude Code and Codex. Defenders are advised to audit extension version histories and manifest diffs for newly added transitive dependencies, not just current code, and to monitor for GlassWorm indicators on developer workstations.
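The audit the summary recommends, reviewing manifest diffs across an extension's version history rather than only its current code, can be scripted. The following is an added example written for this page (not GlassWorm tooling, and not code from Open VSX or VS Code): it walks an ordered list of `package.json` versions, reports every release that adds or removes `extensionPack` or `extensionDependencies` entries, and matches additions against a watchlist of extension ids. The version history, the ids `example.helper-tools` and `suspect.loader`, and the watchlist are constructed placeholders, not real extensions or indicators.

```javascript
// Added example for this page: detect transitive-dependency changes between
// versions of a VS Code extension manifest. Sample data below is constructed.

// Manifest fields through which one extension can pull in others.
const TRANSITIVE_FIELDS = ['extensionPack', 'extensionDependencies'];

// Extension ids are "publisher.name"; compare them case-insensitively.
function normalizeId(id) {
  return String(id).trim().toLowerCase();
}

// Collect every extension id a manifest references transitively.
function transitiveRefs(manifest) {
  const refs = new Set();
  for (const field of TRANSITIVE_FIELDS) {
    const value = manifest[field];
    if (Array.isArray(value)) {
      for (const id of value) refs.add(normalizeId(id));
    }
  }
  return refs;
}

// Compare two manifest versions and return the ids added and removed.
function diffTransitive(oldManifest, newManifest) {
  const before = transitiveRefs(oldManifest);
  const after = transitiveRefs(newManifest);
  return {
    added: [...after].filter((id) => !before.has(id)).sort(),
    removed: [...before].filter((id) => !after.has(id)).sort(),
  };
}

// Walk an ordered version history (oldest first) and flag each release whose
// transitive references changed; additions are checked against a watchlist.
function auditHistory(history, watchlist = []) {
  const watch = new Set(watchlist.map(normalizeId));
  const findings = [];
  for (let i = 1; i < history.length; i++) {
    const prev = history[i - 1];
    const curr = history[i];
    const { added, removed } = diffTransitive(prev.manifest, curr.manifest);
    if (added.length === 0 && removed.length === 0) continue;
    findings.push({
      from: prev.version,
      to: curr.version,
      added,
      removed,
      watchlistHits: added.filter((id) => watch.has(id)),
    });
  }
  return findings;
}

// Constructed sample history: 1.0.0 is a plain colour theme, 1.0.1 quietly adds
// an extensionPack entry, 1.0.2 adds an extensionDependencies entry as well.
const SAMPLE_HISTORY = [
  { version: '1.0.0',
    manifest: { name: 'nice-theme', publisher: 'example', contributes: { themes: [] } } },
  { version: '1.0.1',
    manifest: { name: 'nice-theme', publisher: 'example', contributes: { themes: [] },
      extensionPack: ['Example.Helper-Tools'] } },
  { version: '1.0.2',
    manifest: { name: 'nice-theme', publisher: 'example', contributes: { themes: [] },
      extensionPack: ['example.helper-tools'],
      extensionDependencies: ['suspect.loader'] } },
];

// Hypothetical watchlist; in practice populate it from published indicators.
const SAMPLE_WATCHLIST = ['suspect.loader'];

// Stand-alone run: print one line per release that changed its transitive refs.
for (const f of auditHistory(SAMPLE_HISTORY, SAMPLE_WATCHLIST)) {
  const plus = f.added.length ? f.added.join(',') : '-';
  const minus = f.removed.length ? f.removed.join(',') : '-';
  const hits = f.watchlistHits.length ? f.watchlistHits.join(',') : 'none';
  console.log(`${f.from} -> ${f.to}: added=${plus} removed=${minus} watchlist=${hits}`);
}
```

The comparison is done on the normalised id set rather than on raw array order, so a reordering or a case change alone produces no finding; only a genuinely new or dropped transitive reference does. Feed `auditHistory` the manifests from each published `.vsix` in order to reproduce the check across a real version history.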
Table of contents
GlassWorm's Abuse of Extension Relationships
Transitive GlassWorm Activity in Open VSX
GlassWorm Loader Evolution
Outlook and Recommendations
Indicators of Compromise (IOCs)