Self-Propagating GlassWorm Attacks VS Code Supply Chain
Summary
Researchers at Koi Security discovered a self-propagating worm dubbed “GlassWorm” that reached roughly 35,800 installs by poisoning Visual Studio Code extensions distributed via OpenVSX and, for a time, the official VS Code marketplace. The malware hides its malicious code behind Unicode code points (such as variation selectors) that editors render as nothing, so a reviewer reading the file sees only the benign lines around them. It uses the Solana blockchain as its command-and-control (C2) channel with Google Calendar as a backup, harvests credentials from NPM, GitHub and Git, targets cryptocurrency wallets, installs SOCKS proxies and hidden VNC servers, and includes a final-stage module called “ZOMBI” that turns infected developer workstations into nodes in a criminal infrastructure network.
Koi published indicators of compromise (IoCs) and details of the poisoned extensions; some malicious extension versions remain available for download even after cleanup. Koi recommends that any organisation seeing these IoCs assume compromise, rotate all secrets (NPM/GitHub/OpenVSX tokens and passwords) and reimage affected machines to ensure full removal.
Key Points
- GlassWorm hides its payload in Unicode code points that editors render as nothing (zero-width and variation-selector characters), so the malicious code is literally invisible to a human reviewer reading the file.
- The worm has reached around 35,800 installs by poisoning VS Code extensions on OpenVSX and, briefly, on the official VS Code marketplace.
- It uses the Solana blockchain as a primary C2 channel and Google Calendar as a backup command server.
- GlassWorm harvests credentials (NPM, GitHub, Git) and uses stolen publishing tokens to push poisoned versions of packages and extensions the victim maintains, turning each victim into a new infection vector across the software supply chain.
- The ZOMBI module converts infected developer workstations into SOCKS proxy nodes and installs hidden VNC servers, providing remote access and a distributed criminal proxy network.
- Koi published IoCs (poisoned extension names, C2/payload URLs and persistence mechanisms); organisations should treat detection as a full compromise.
- Recommended remediation: rotate all tokens and passwords, revoke and reissue secrets, and format/reimage infected machines to eradicate the worm.
Context and relevance
This attack marks a significant escalation in supply chain threats. Registry- and marketplace-poisoning has been a growing trend, but GlassWorm’s invisible-code technique undercuts the longstanding assumption that a human reading a diff will notice malicious changes. For security teams and developer organisations, it means tooling, automated scanning and secrets hygiene must complement manual review rather than rely on it. The campaign also shows adversaries combining decentralised infrastructure (a public blockchain) with innocuous services (Google Calendar) for C2, which makes both takedown and network-level detection harder.
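One concrete piece of that tooling is a pre-commit or CI check that refuses source files containing characters an editor will not render. The scanner below is an added example written for this page, not Koi Security's tooling and not GlassWorm's code. It flags Unicode format characters (category Cf: zero-width spaces and joiners, bidi controls, tag characters, a stray BOM) and the variation-selector ranges, reports each contiguous run with its line and column, and, as a further illustration, decodes a run under the common one-selector-per-byte packing scheme; that packing scheme is an assumption used only to build and read the constructed sample, and the detection itself does not depend on it. The sample extension text is constructed inline.

```python
"""Flag Unicode characters that editors render as nothing in source files.

Added example for this page, not Koi Security's or GlassWorm's code.
The byte <-> variation-selector mapping is an assumed packing scheme used only
to construct the sample payload and to show what a flagged run might carry.
"""
import unicodedata
from typing import Dict, List, Optional

# Variation selectors are category Mn, not Cf, so they need explicit ranges.
VS_BASIC = (0xFE00, 0xFE0F)          # VARIATION SELECTOR-1 .. -16
VS_SUPPLEMENT = (0xE0100, 0xE01EF)   # VARIATION SELECTOR-17 .. -256
BOM = "\ufeff"


def is_invisible(ch: str) -> bool:
    """True for format characters (Cf) and for Unicode variation selectors."""
    cp = ord(ch)
    if VS_BASIC[0] <= cp <= VS_BASIC[1] or VS_SUPPLEMENT[0] <= cp <= VS_SUPPLEMENT[1]:
        return True
    return unicodedata.category(ch) == "Cf"


def scan_source(text: str) -> List[Dict]:
    """Return one finding per contiguous run of invisible characters.

    Each finding is {'line', 'col', 'length', 'run'} with 1-based line/col.
    A BOM as the very first character of the file is tolerated; a BOM
    anywhere else is reported like any other format character.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            leading_bom = lineno == 1 and col == 0 and line[col] == BOM
            if leading_bom or not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            run = line[start:col]
            findings.append({"line": lineno, "col": start + 1,
                             "length": len(run), "run": run})
    return findings


def encode_bytes(data: bytes) -> str:
    """Assumed packing: 0-15 -> VS1..VS16, 16-255 -> VS17..VS256 (one selector per byte)."""
    return "".join(chr(VS_BASIC[0] + b) if b < 16 else chr(VS_SUPPLEMENT[0] + b - 16)
                   for b in data)


def decode_run(run: str) -> Optional[bytes]:
    """Inverse of encode_bytes; None if the run is not purely variation selectors."""
    out = bytearray()
    for ch in run:
        cp = ord(ch)
        if VS_BASIC[0] <= cp <= VS_BASIC[1]:
            out.append(cp - VS_BASIC[0])
        elif VS_SUPPLEMENT[0] <= cp <= VS_SUPPLEMENT[1]:
            out.append(cp - VS_SUPPLEMENT[0] + 16)
        else:
            return None
    return bytes(out)


# Constructed sample inputs (not real extension code). The hidden run sits at
# the end of a comment line, where a reviewer sees only the comment text.
HIDDEN = encode_bytes(b"hello")
SAMPLE_EXTENSION_JS = (
    "const vscode = require('vscode');\n"
    "// activation helper " + HIDDEN + "\n"
    "function activate(context) { return context; }\n"
    "module.exports = { activate };\n"
)
CLEAN_JS = "const x = 1;\n"
# Bidi overrides are also invisible and are the Trojan Source trick; same check catches them.
TROJAN_SOURCE_JS = "if (ok) { /* \u202e } \u2066 */ }\n"


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_EXTENSION_JS), ("clean", CLEAN_JS),
                       ("trojan", TROJAN_SOURCE_JS)):
        for f in scan_source(text):
            first = unicodedata.name(f["run"][0], "<unnamed>")
            print(f"{name}: line {f['line']} col {f['col']}: {f['length']} invisible "
                  f"char(s), first {first}, decodes to {decode_run(f['run'])!r}")
```

Wire `scan_source` into a pre-commit hook or a CI step over every file in an extension or package before it is published or installed, and fail the build on any finding; the BOM exception is the only tolerated case, and even that can be removed where the toolchain never emits one.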
Author style
Punchy: This is a high-stakes, elegant piece of malware. If you care about developer tooling, CI/CD or supply chain resilience, read the full details — the attack blends stealth, automation and credential theft in ways that change how we need to defend developer environments.
Why should I read this?
Short and blunt: if you use VS Code, publish packages, or manage developer machines — this one matters. The worm hides from sight, steals creds, and turns your laptops into proxies. Read it so you know what to look for and what to do next.
