Cyber Web Spider Blog – News

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Posted on October 24, 2025 By CWS

Oct 24, 2025Ravie LakshmananDevOps / Malware
Cybersecurity researchers have found a self-propagating worm that spreads through Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.
The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span of a month after the Shai-Hulud worm that targeted the npm ecosystem in mid-September 2025.
What makes the attack stand out is the use of the Solana blockchain for command-and-control (C2), making the infrastructure resilient to takedown efforts. It also uses Google Calendar as a C2 fallback mechanism.
Another novel aspect is that the GlassWorm campaign relies on “invisible Unicode characters that make malicious code actually disappear from code editors,” Idan Dardikman said in a technical report. “The attacker used Unicode variation selectors – special characters that are part of the Unicode specification but do not produce any visible output.”
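A defender-side check for the hiding technique described above, as an added example that is not from Koi Security's report or the original article: it flags runs of Unicode variation selectors in extension source. The function names, the `minRun` threshold and the sample string are assumptions constructed for illustration.

```javascript
// Added example: detect runs of Unicode variation selectors, which most
// editors render as nothing at all.

// Variation Selectors (U+FE00-U+FE0F) and Variation Selectors Supplement
// (U+E0100-U+E01EF), as defined by the Unicode standard.
function isVariationSelector(cp) {
  return (cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef);
}

// Returns one finding per run of at least minRun consecutive selectors.
// A single selector after an emoji or CJK ideograph is legitimate, so
// isolated ones are ignored. minRun is an assumed threshold; tune it.
function findSelectorRuns(source, minRun = 4) {
  const findings = [];
  let line = 1, column = 0, run = null;
  const flush = () => {
    if (run && run.length >= minRun) findings.push(run);
    run = null;
  };
  for (const ch of source) {        // iterates by code point, not UTF-16 unit
    column += 1;
    if (isVariationSelector(ch.codePointAt(0))) {
      if (!run) run = { line, column, length: 0 };
      run.length += 1;
      continue;
    }
    flush();
    if (ch === '\n') { line += 1; column = 0; }
  }
  flush();                          // a run may end at end-of-file
  return findings;
}

// Constructed sample: line 1 holds an emoji with one legitimate U+FE0F;
// line 2 hides 12 supplement selectors inside what looks like an empty string.
const hidden = Array.from({ length: 12 }, (_, i) =>
  String.fromCodePoint(0xe0100 + i)).join('');
const SAMPLE = 'const ok = "\u2764\ufe0f";\nconst s = "' + hidden + '";\n';

console.log(findSelectorRuns(SAMPLE));
```

Columns are counted in code points, so a reported position can be matched against a hex dump of the file even though the editor shows nothing there.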
The end goal of the attack is to harvest npm, Open VSX, GitHub, and Git credentials, drain funds from 49 different cryptocurrency wallet extensions, deploy SOCKS proxy servers to turn developer machines into conduits for criminal activities, install hidden VNC (HVNC) servers for remote access, and weaponize the stolen credentials to compromise additional packages and extensions for further propagation.

The names of the infected extensions, 13 of them on Open VSX and one on the Microsoft Extension Marketplace, are listed below. These extensions have been downloaded about 35,800 times. The first wave of infections took place on October 17, 2025. It's currently not known how these extensions were hijacked.

codejoy.codejoy-vscode-extension 1.8.3 and 1.8.4
l-igh-t.vscode-theme-seti-folder 1.2.3
kleinesfilmroellchen.serenity-dsl-syntaxhighlight 0.3.2
JScearcy.rust-doc-viewer 4.2.1
SIRILMP.dark-theme-sm 3.11.4
CodeInKlingon.git-worktree-menu 1.0.9 and 1.0.91
ginfuru.better-nunjucks 0.3.2
ellacrity.recoil 0.7.4
grrrck.positron-plus-1-e 0.0.71
jeronimoekerdt.color-picker-universal 2.8.91
srcery-colors.srcery-colors 0.3.9
sissel.shopify-liquid 4.0.1
TretinV3.forts-api-extention 0.3.1
cline-ai-main.cline-ai-agent 3.1.3 (Microsoft Extension Marketplace)

The malicious code hidden within the extensions is designed to search for transactions associated with an attacker-controlled wallet on the Solana blockchain, and if found, it proceeds to extract a Base64-encoded string from the memo field that decodes to the C2 server (“217.69.3[.]218” or “199.247.10[.]166”) used for retrieving the next-stage payload.
The payload is an information stealer that captures credentials, authentication tokens, and cryptocurrency wallet data, and reaches out to a Google Calendar event to parse another Base64-encoded string and contact the same server to obtain a payload codenamed Zombi. The data is exfiltrated to a remote endpoint (“140.82.52[.]31:80”) managed by the threat actor.

Written in JavaScript, the Zombi module essentially turns a GlassWorm infection into a full-fledged compromise by dropping a SOCKS proxy, WebRTC modules for peer-to-peer communication, BitTorrent’s Distributed Hash Table (DHT) for decentralized command distribution, and HVNC for remote control.
The problem is compounded by the fact that VS Code extensions are configured to auto-update, allowing the threat actors to push the malicious code automatically without requiring any user interaction.
“This isn't a one-off supply chain attack,” Dardikman said. “It's a worm designed to spread through the developer ecosystem like wildfire.”
“Attackers have figured out how to make supply chain malware self-sustaining. They're not just compromising individual packages anymore – they’re building worms that can spread autonomously through the entire software development ecosystem.”
The development comes as the use of blockchain for staging malicious payloads has witnessed a surge due to its pseudonymity and flexibility, with even threat actors from North Korea leveraging the technique to orchestrate their espionage and financially motivated campaigns.

The Hacker News | Tags: Attack, Chain, Code, Extensions, GlassWorm, Infects, SelfSpreading, Supply, Widespread
