GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
GlassWorm malware returns to OpenVSX with 73 “sleeper” extensions that look benign until they update, delivering a malicious payload. Six extensions are active so far; the rest appear dormant or suspicious. The extensions clone legitimate listings and function as loaders, fetching the payload from GitHub, loading platform-specific modules, or using obfuscated JavaScript at runtime. This wave signals a shift from embedding malware to delivering it on update. Researchers note the campaign previously targeted wallets and credentials and mid-March 2026 saw hundreds of repos affected; a full list of the 73 extensions has been published, and developers are urged to rotate secrets and clean their environments.

Overview
A new wave of GlassWorm activity targets the OpenVSX ecosystem through a set of 73 extensions described as “sleeper” payloads. At the outset these extensions appear benign, but they are designed to deliver a malicious payload after a subsequent update. Researchers note that six of these extensions have already activated malicious behavior, while the remainder are either dormant or flagged as suspicious. The pattern aligns with earlier GlassWorm activity, which has evolved from embedding payloads directly in the initial package to introducing them through later updates.
The 73 OpenVSX Sleeper Extensions
- A cluster of 73 extensions in the OpenVSX registry has been identified as part of the latest GlassWorm operation.
- The extensions are clones of legitimate listings, crafted to mislead developers who focus mainly on visuals rather than identifiers.
- Visual deception includes the use of the same or very similar icons, naming, and descriptions to resemble trusted extensions.
- The attack relies on subtle differences such as the publisher name and the unique extension identifier to distinguish the malicious items from authentic ones.
- Initially uploaded extensions appear harmless; the true malicious behavior is revealed only after an update is applied.
How the Payload Is Delivered
- The extensions act as thin loaders that fetch the actual malicious components at runtime, rather than carrying the full payload upfront.
- One delivery method uses runtime retrieval of a secondary VSIX package from GitHub, which is then installed via command-line interface commands.
- Another method loads platform-specific compiled modules (e.g., .node files) that contain core logic, including mechanisms to fetch additional payloads and run installation routines across supported editors.
- Some variants rely on heavily obfuscated JavaScript that decodes at runtime to locate and install malicious extensions, sometimes using encrypted or fallback URLs for payload retrieval.
Deception and Identity Theft Vectors
- The attacker’s approach emphasizes deception by copying legitimate extension identifiers and visuals to reduce suspicion among developers.
- The threat landscape continues to rely on social engineering through trustworthy-looking appearances while the underlying code remains hidden until a later stage.
- Publisher identity and the unique extension identifiers emerge as primary indicators to distinguish malicious clones from authentic offerings.
Scope, Scale, and Temporal Context
- Mid-March 2026 marked a significant expansion, with hundreds of repositories affected and dozens of extensions involved in the broader GlassWorm activity.
- The latest OpenVSX wave appears to reflect a strategic shift: instead of embedding the payload in the initial extension, malicious code is introduced in a subsequent update, potentially broadening reach while remaining under the radar longer.
- This wave follows earlier GlassWorm activity across multiple ecosystems, including GitHub, npm, VSCode Marketplace, and macOS environments, where crypto-wallet theft and credential exfiltration were commonly reported goals.
Research and Industry Observations
- Socket researchers and multiple independent teams detected the activity early, contributing to containment efforts and synchronizing responses across affected ecosystems.
- The campaign’s evolution shows a deliberate move toward stealthy delivery, using innocuous-looking extensions as a trojanized loader mechanism.
- As the operation scales, the risk that more dormant or suspicious extensions could be activated in future updates remains a concern for developers and platform operators.
Indicators of Compromise and How to Watch for Them
- Look for extensions that match known legitimate listings in visuals but diverge in publisher identity or extension identifiers.
- Monitor for extensions that perform loader-like behavior, such as retrieving additional VSIX packages from remote sources at runtime or loading external platform-specific modules.
- Be alert for heavily obfuscated JavaScript that decodes at runtime to fetch and install new components, especially if the code paths lead to encrypted or fallback payload URLs.
- Repositories and projects that show sudden, unexplained changes after installing a seemingly benign extension should be reviewed for potential payload activation during an update.
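The indicators above, together with the clone and loader behaviour described in the earlier sections, can be turned into a static triage pass over an editor's extensions directory. The script below is an added example written for this page; it is not code from the original article or from Socket. It assumes the `<extensions_dir>/<folder>/package.json` layout used by VS Code and VSCodium, a constructed allowlist of vetted `(publisher, name)` pairs, constructed sample extensions written to a temporary directory, and illustrative regexes for the loader patterns (remote `.vsix` retrieval, `--install-extension`, `.node` modules, runtime-decoded JavaScript). Real triage would extend the allowlist and patterns; the point is that identity is checked by publisher and identifier, never by icon or display name.

```python
"""Static triage of an editor extensions directory for GlassWorm-style indicators.

Added example, not code from the original article or from Socket. Assumes the
<extensions_dir>/<folder>/package.json layout of VS Code / VSCodium, a
constructed allowlist, and constructed samples in a temp directory.
"""
import json
import re
import tempfile
from pathlib import Path

# Constructed allowlist: vetted (publisher, name) -> displayName the team expects to see.
TRUSTED = {("example-publisher", "example-linter"): "Example Linter"}

# Loader-like behaviour from the write-up: remote VSIX retrieval, CLI installs,
# native .node modules and JavaScript that decodes itself at runtime.
LOADER_PATTERNS = {
    "fetches_vsix": re.compile(r"https?://[^\s'\"]+\.vsix", re.I),
    "cli_install": re.compile(r"--install-extension"),
    "native_module": re.compile(r"require\([^)]*\.node['\"]\)"),
    "runtime_decode": re.compile(r"String\.fromCharCode|new Function\(|\beval\("),
    "long_blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}


def scan_js(source: str) -> list:
    """Return the names of every loader pattern present in one JS source file."""
    return sorted(name for name, rx in LOADER_PATTERNS.items() if rx.search(source))


def triage_extension(ext_dir: Path) -> dict:
    """Check identity against the allowlist, then look for loader indicators."""
    manifest = json.loads((ext_dir / "package.json").read_text())
    publisher, name = manifest.get("publisher", ""), manifest.get("name", "")
    display = manifest.get("displayName", name)
    findings = set()
    if (publisher, name) not in TRUSTED:
        # Same display name as a vetted listing but a different publisher/name:
        # the visual-clone pattern the write-up describes.
        for (tp, tn), tdisplay in TRUSTED.items():
            if display.lower() == tdisplay.lower():
                findings.add(f"clone_of:{tp}.{tn}")
    if any(p.suffix == ".node" for p in ext_dir.rglob("*")):
        findings.add("ships_native_module")
    for js in ext_dir.rglob("*.js"):
        for hit in scan_js(js.read_text(errors="ignore")):
            findings.add(f"{hit}:{js.relative_to(ext_dir)}")
    return {"id": f"{publisher}.{name}", "version": manifest.get("version", ""),
            "findings": sorted(findings)}


def triage_dir(extensions_dir) -> list:
    """Triage every folder that carries a package.json manifest."""
    return [triage_extension(d) for d in sorted(Path(extensions_dir).iterdir())
            if (d / "package.json").is_file()]


def _write_ext(root: Path, folder: str, manifest: dict, files: dict) -> None:
    d = root / folder
    d.mkdir(parents=True)
    (d / "package.json").write_text(json.dumps(manifest))
    for rel, content in files.items():
        (d / rel).parent.mkdir(parents=True, exist_ok=True)
        (d / rel).write_bytes(content)


def build_sample_dir() -> Path:
    """Constructed samples (not real extensions): one vetted extension, one
    visual clone that behaves as a loader, one unrelated obfuscated extension."""
    root = Path(tempfile.mkdtemp(prefix="ext-triage-"))
    _write_ext(root, "example-publisher.example-linter-1.2.0",
               {"publisher": "example-publisher", "name": "example-linter",
                "displayName": "Example Linter", "version": "1.2.0"},
               {"extension.js": b"exports.activate = function () {};"})
    _write_ext(root, "ex4mple-publisher.example-linter-1.2.0",
               {"publisher": "ex4mple-publisher", "name": "example-linter",
                "displayName": "Example Linter", "version": "1.2.0"},
               {"extension.js": b"const core = require('./build/core.node');\n"
                                b"const url = 'https://example.invalid/payload.vsix';\n"
                                b"// later: spawn the editor CLI with --install-extension\n",
                "build/core.node": b"\x7fELF"})
    _write_ext(root, "someone.theme-pack-0.0.1",
               {"publisher": "someone", "name": "theme-pack",
                "displayName": "Theme Pack", "version": "0.0.1"},
               {"obf.js": b'eval(atob("' + b"A" * 240 + b'"));'})
    return root


def demo() -> list:
    """Build the constructed samples and triage them."""
    return triage_dir(build_sample_dir())


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints one record per extension. The vetted extension reports no findings; the clone is flagged both for its identity mismatch and for the runtime VSIX fetch, CLI install and native module it ships; the third sample is flagged only for its self-decoding JavaScript, which is the same signal regardless of how the extension is branded.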
Legacy Context and Campaign Continuity
- GlassWorm originated in October as a stealth campaign using invisible Unicode characters to harvest cryptocurrency wallets and developer credentials.
- Since then, the campaign has diversified across code repositories and package registries, continually refining its tactics to avoid early detection.
- The OpenVSX sleeper-extension strategy represents the latest iteration, reflecting attacker adaptability in response to defensive measures and patch cycles.
Visual and User Experience Threats
- The attackers’ cloning strategy extends beyond code logic into the realm of user perception, leveraging familiar icons and familiar naming conventions to lower the guard of developers.
- Even when the differences are subtle, the combination of a similar icon, a near-identical description, and a publisher identity that resembles but does not match the original creates a convincing imitation.
Relevance Across Ecosystems
- While OpenVSX is the immediate target, historical patterns show GlassWorm’s capacity to migrate across ecosystems, including GitHub repositories, npm packages, and VS Code environments.
- The cross-ecosystem footprint increases the importance of consistent security reviews during package installations and before applying updates, given the potential for a single malicious update to propagate across multiple development environments.
Final Context
- The latest wave confirms a broader trend within GlassWorm: malicious payloads can be introduced after an initial, seemingly safe installation, capitalizing on subsequent updates to complete their objectives.
- The consolidation of the 73 sleeper extensions and the methods they employ underscores the ongoing need for vigilance in software supply chains and for careful verification of any extension updates, especially when they follow non-malicious initial behavior.
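Because the malicious code arrives with a later update rather than the initial install, a review step before applying updates (as the cross-ecosystem section recommends) needs something concrete to compare. The script below is an added example written for this page, not code from the article or from any vendor tool. It snapshots each installed extension's identity, version, entry point, activation events, compiled or nested-package files and a content hash, then reports the deltas a reviewer should look at before accepting an update. It assumes the `<extensions_dir>/<folder>/package.json` layout used by VS Code and VSCodium; the before/after states in `demo()` are constructed and stand in for a real pre-update snapshot and post-update scan.

```python
"""Pre-update review gate: snapshot installed extensions and flag risky deltas.

Added example, not code from the original article or from any vendor tool.
Assumes the <extensions_dir>/<folder>/package.json layout of VS Code /
VSCodium; the demo uses constructed before/after states, not real extensions.
"""
import hashlib
import json
from pathlib import Path

# Files that carry compiled code or a nested package; a benign update rarely adds these.
RISKY_SUFFIXES = (".node", ".vsix", ".dll", ".so", ".dylib")


def snapshot_extension(manifest: dict, files: dict) -> dict:
    """Reduce one extension to the fields a reviewer compares across an update.

    `files` maps relative path -> bytes. The hash covers paths and contents, so
    a silently re-published package is visible even if the version is unchanged."""
    h = hashlib.sha256()
    for rel in sorted(files):
        h.update(rel.encode())
        h.update(b"\0")
        h.update(files[rel])
    return {
        "id": f"{manifest.get('publisher', '')}.{manifest.get('name', '')}",
        "version": manifest.get("version", ""),
        "main": manifest.get("main"),
        "activation": sorted(manifest.get("activationEvents", [])),
        "risky_files": sorted(f for f in files if f.endswith(RISKY_SUFFIXES)),
        "content_sha256": h.hexdigest(),
    }


def snapshot_dir(extensions_dir) -> dict:
    """Snapshot every extension folder under a real extensions directory."""
    state = {}
    for d in sorted(Path(extensions_dir).iterdir()):
        pj = d / "package.json"
        if not pj.is_file():
            continue
        files = {str(p.relative_to(d)): p.read_bytes() for p in d.rglob("*") if p.is_file()}
        snap = snapshot_extension(json.loads(pj.read_text()), files)
        state[snap["id"]] = snap
    return state


def diff_states(before: dict, after: dict) -> dict:
    """Return {extension id: [reasons]} for extensions that need a human review."""
    alerts = {}
    for ext_id, new in after.items():
        old = before.get(ext_id)
        reasons = []
        if old is None:
            reasons.append("new_extension")
        else:
            if new["content_sha256"] != old["content_sha256"] and new["version"] == old["version"]:
                reasons.append("contents_changed_without_version_bump")
            if new["main"] != old["main"]:
                reasons.append(f"entrypoint_changed:{old['main']}->{new['main']}")
            added = sorted(set(new["risky_files"]) - set(old["risky_files"]))
            if added:
                reasons.append("added_risky_files:" + ",".join(added))
            if "*" in new["activation"] and "*" not in old["activation"]:
                reasons.append("now_activates_on_startup")
        if reasons:
            alerts[ext_id] = reasons
    return alerts


def demo() -> dict:
    """Constructed before/after states for a sleeper-style update (no real data)."""
    before_manifest = {"publisher": "acme", "name": "pretty-theme", "version": "1.0.0",
                       "main": "./out/extension.js", "activationEvents": ["onCommand:pretty.apply"]}
    before_files = {"package.json": b"{}", "out/extension.js": b"exports.activate = () => {};"}
    # The update swaps the entry point for a loader, adds a native module and
    # activates on every startup: the pattern the write-up attributes to GlassWorm.
    after_manifest = {"publisher": "acme", "name": "pretty-theme", "version": "1.0.1",
                      "main": "./out/loader.js", "activationEvents": ["*"]}
    after_files = {"package.json": b"{}", "out/loader.js": b"require('./build/core.node');",
                   "build/core.node": b"\x7fELF"}
    untouched = {"publisher": "acme", "name": "stable-tool", "version": "2.3.0",
                 "main": "./main.js", "activationEvents": ["onLanguage:python"]}
    untouched_files = {"main.js": b"module.exports = {};"}
    before = {s["id"]: s for s in (snapshot_extension(before_manifest, before_files),
                                   snapshot_extension(untouched, untouched_files))}
    after = {s["id"]: s for s in (snapshot_extension(after_manifest, after_files),
                                  snapshot_extension(untouched, untouched_files))}
    return diff_states(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice `snapshot_dir()` is run against the live extensions directory before an update window and again afterwards, with `diff_states()` gating whether the updated set is accepted. None of the checks proves an update is malicious; they isolate the changes (a new entry point, newly shipped compiled code, startup activation, or content changes with no version bump) that merit a look at the actual code before the extension is allowed to run.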