GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have uncovered a significant expansion of the GlassWorm malware campaign, which is targeting developers by infiltrating the open-source extension ecosystem with dozens of malicious packages.

Security firm Socket reported that attackers planted at least 72 harmful extensions in the Open VSX Registry since late January 2026, using sophisticated supply-chain techniques to compromise development environments.

Attackers Abuse Extension Dependencies

Unlike earlier versions of the campaign, the latest GlassWorm operation spreads malware indirectly by abusing extension relationships within development tools.

Attackers are using features such as extension packs and dependency lists to transform seemingly harmless extensions into hidden malware delivery channels.

Initially, the extensions appear legitimate and pass security reviews. However, later updates silently add dependencies that install malicious GlassWorm-linked packages.

This technique allows attackers to establish trust with developers before introducing harmful code.
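The pattern described above (a harmless first release, then an update that quietly pulls in extra extensions through `extensionDependencies` or `extensionPack`) can be caught by diffing the manifest of an installed extension against the manifest of the proposed update. The following is an added example written for this article, not Socket's tooling or any registry's own check; the two manifests, the publisher names and the `trustedPublishers` policy are constructed sample data.

```javascript
// Added example: compare two versions of a VS Code extension manifest
// (package.json) and report extensions that the newer version silently
// pulls in through `extensionDependencies` or `extensionPack`.
// Both manifests below are constructed sample data, not real extensions.

const MANIFEST_V1 = {
  name: "example-linter",
  publisher: "example-publisher",
  version: "1.0.0",
  extensionDependencies: [],
  extensionPack: [],
};

const MANIFEST_V2 = {
  name: "example-linter",
  publisher: "example-publisher",
  version: "1.0.1",
  // The update adds one dependency from the same publisher and one from a
  // publisher the team has never heard of: that second one is the red flag.
  extensionDependencies: ["example-publisher.helper-core"],
  extensionPack: ["unknown-publisher.build-tools", "example-publisher.helper-core"],
};

// Every extension ID ("publisher.name") that `manifest` would install,
// from either field, normalized to lower case and de-duplicated.
function pulledExtensions(manifest) {
  const ids = new Set();
  for (const field of ["extensionDependencies", "extensionPack"]) {
    for (const id of manifest[field] || []) ids.add(String(id).toLowerCase());
  }
  return ids;
}

// Returns one finding per extension ID that `next` pulls in but `prev` did not.
// `trustedPublishers` is a constructed allow-list: additions from a known
// publisher are marked "review", anything else is marked "block".
function newlyAddedDependencies(prev, next, trustedPublishers = []) {
  const before = pulledExtensions(prev);
  const trusted = new Set(trustedPublishers.map((p) => p.toLowerCase()));
  const findings = [];
  for (const id of pulledExtensions(next)) {
    if (before.has(id)) continue; // already present in the installed version
    const publisher = id.split(".")[0];
    findings.push({
      id,
      publisher,
      severity: trusted.has(publisher) ? "review" : "block",
    });
  }
  return findings;
}

// Demo run on the constructed manifests.
for (const f of newlyAddedDependencies(MANIFEST_V1, MANIFEST_V2, ["example-publisher"])) {
  console.log(`${f.severity.toUpperCase()}: ${f.id} is a new dependency in ${MANIFEST_V2.version}`);
}
```

In practice `prev` comes from the manifest already on disk in the editor's extensions directory and `next` from the update's VSIX; the point of diffing rather than scanning a single manifest is that the first release, the one that passed review, is exactly the version that contains nothing suspicious.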

Malicious Extensions Mimic Developer Tools

Many of the rogue extensions imitate commonly used developer utilities, including:

  • Code linters and formatters
  • Debugging tools
  • SQL utilities
  • Extensions linked to AI coding assistants

Some of the fake extensions imitated tools associated with platforms such as Claude Code and Google Antigravity.

The malicious listings have since been removed from the registry, but researchers warn that similar campaigns could reappear.

What the GlassWorm Malware Does

The GlassWorm campaign is designed to infiltrate developer systems and perform multiple malicious actions, including:

  • Stealing credentials and API tokens
  • Draining cryptocurrency wallets
  • Extracting sensitive project data
  • Turning infected machines into proxy servers for cybercrime

The campaign was first identified in 2025 by security researchers at Koi Security.

Advanced Obfuscation and Blockchain Techniques

The newest wave of GlassWorm extensions includes stronger code obfuscation and additional evasion tactics.

Researchers found the malware uses transactions on the Solana blockchain as a dead-drop mechanism to retrieve command-and-control server addresses.

The malware also avoids infecting machines configured with Russian language settings, a behavior commonly seen in cybercrime operations linked to Eastern European threat actors.

Invisible Unicode Code Used in GitHub Attacks

In parallel with the extension attack, researchers from Aikido Security discovered malicious code injected into 151 repositories hosted on GitHub.

The attackers used invisible Unicode characters embedded in source code to hide malicious payloads. When opened in editors or terminals, the characters remain invisible, but they decode into scripts that download additional malware.
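Because these characters render as nothing, the practical defence is to scan committed text for code points that should never appear in source. The scanner below is an added example written for this article, not Aikido Security's tooling; the list of code-point ranges is a defensive policy assembled here (the article does not say which characters the attackers used), and the sample file is constructed.

```javascript
// Added example: find invisible or zero-width Unicode code points in source
// text. The range list is an assembled policy, not the attackers' actual set.

const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad],   // soft hyphen
  [0x180e, 0x180e],   // Mongolian vowel separator
  [0x200b, 0x200f],   // zero-width space/joiners, LRM and RLM marks
  [0x202a, 0x202e],   // bidirectional embedding and override controls
  [0x2060, 0x2064],   // word joiner and invisible mathematical operators
  [0x2066, 0x2069],   // bidirectional isolate controls
  [0x3164, 0x3164],   // Hangul filler
  [0xfe00, 0xfe0f],   // variation selectors
  [0xfeff, 0xfeff],   // zero-width no-break space inside the text
  [0xe0000, 0xe007f], // Unicode tag characters (can encode hidden ASCII)
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Returns one finding per line containing invisible code points:
// { line, count, codePoints } with code points rendered as "U+XXXX".
// A byte-order mark as the very first character is a legitimate file
// signature, so it is stripped before scanning rather than reported.
function scanForInvisible(text) {
  if (text.charCodeAt(0) === 0xfeff) text = text.slice(1);
  const findings = [];
  text.split("\n").forEach((line, idx) => {
    const hits = [];
    for (const ch of line) { // for..of iterates by code point, not UTF-16 unit
      const cp = ch.codePointAt(0);
      if (isInvisible(cp)) hits.push("U+" + cp.toString(16).toUpperCase().padStart(4, "0"));
    }
    if (hits.length) findings.push({ line: idx + 1, count: hits.length, codePoints: hits });
  });
  return findings;
}

// Constructed sample: three Unicode tag characters (hidden "A", "B", "C")
// appended to a comment that looks like a routine documentation change.
const hiddenTags = ["A", "B", "C"]
  .map((c) => String.fromCodePoint(0xe0000 + c.charCodeAt(0)))
  .join("");
const SAMPLE_SOURCE = [
  "const version = '1.0.1';",
  "function render() { return 'ok'; }",
  "// update docs " + hiddenTags,
  "module.exports = { render };",
].join("\n");

for (const f of scanForInvisible(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.count} invisible code point(s): ${f.codePoints.join(" ")}`);
}
```

Run as a pre-receive hook or CI step over added lines only, the check is cheap and has few legitimate hits in code; the usual exceptions (a leading BOM, variation selectors inside string literals that genuinely contain emoji) are the ones to carve out explicitly rather than by loosening the ranges.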

Security researcher Ilyas Makari noted that the malicious commits were disguised as normal development updates such as documentation changes or minor bug fixes—making them difficult to detect.

Experts believe attackers may be using large language models (LLMs) to generate realistic commit messages and code changes that blend into legitimate development activity.

Related npm Campaign Raises Additional Concerns

Separately, researchers at Endor Labs uncovered 88 suspicious packages uploaded to npm between November 2025 and February 2026.

These packages used a technique called Remote Dynamic Dependencies, allowing malicious code to be hosted on external servers instead of inside the package itself.

This method allows attackers to silently modify the payload at any time without releasing a new version of the package.
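A dependency specifier that points at an arbitrary host instead of the registry is easy to spot in a manifest, which is the check the paragraph above calls for. The classifier below is an added example written for this article, not Endor Labs' tooling or npm's own logic; the package.json it parses is constructed sample data and the hostnames use the reserved `.invalid` domain.

```javascript
// Added example: classify each dependency specifier in an npm package.json
// by where npm would fetch it from, and flag everything that is not the
// registry. A plain tarball URL is the Remote Dynamic Dependency pattern:
// whoever controls that host can change the payload without publishing a
// new package version. The manifest below is constructed sample data.

const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-utils",
  version: "2.3.0",
  dependencies: {
    lodash: "^4.17.21",
    "@types/node": "20.11.0",
    "helper-lib": "https://packages.example.invalid/helper-lib-1.0.0.tgz",
    "some-tool": "github:someone/some-tool#v1",
    "other-tool": "someone/other-tool",
  },
  devDependencies: {
    "local-thing": "file:../local-thing",
    "git-thing": "git+ssh://git@example.invalid/org/git-thing.git",
    aliased: "npm:lodash@^4",
  },
});

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Map a specifier string (the value, not the package name) to its source.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^https?:\/\//i.test(s)) return "remote-url";          // arbitrary tarball host
  if (/^(git\+|git:|git@|ssh:)/i.test(s)) return "git";      // git URL, any host
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return "hosted-git";
  if (/^(file:|\.\.?\/|\/|~\/)/.test(s)) return "local";     // path on disk
  if (/^npm:/.test(s)) return "registry";                    // alias, still registry
  // "user/repo" with no leading "@" is GitHub shorthand, not a scoped name.
  if (/^[^@\s/]+\/[^\s/]+/.test(s)) return "hosted-git";
  return "registry"; // semver range, dist-tag, "*" or empty string
}

// Returns one finding per dependency that does not resolve via the registry.
function findRemoteDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const source = classifySpec(spec);
      if (source === "registry" || source === "local") continue;
      findings.push({
        field,
        name,
        spec,
        source,
        // A raw URL is mutable at will; git sources at least leave a history.
        severity: source === "remote-url" ? "high" : "medium",
      });
    }
  }
  return findings;
}

for (const f of findRemoteDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.severity}: ${f.field}.${f.name} -> ${f.spec} (${f.source})`);
}
```

The classifier only reads the manifest, so it runs before anything is installed; it deliberately treats `file:` paths as out of scope (they cannot change behind the publisher's back) and treats git sources as medium rather than high, because a git specifier without a pinned commit can still drift, but not silently to a completely different artifact.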

Although the campaign—known as PhantomRaven—was later claimed to be part of a security research experiment, investigators raised concerns about the extent of data collection performed by the packages.

Supply Chain Threats Growing in Developer Ecosystems

Security analysts warn that attacks targeting software supply chains are increasing as developers rely heavily on open-source tools and third-party extensions.

By infiltrating widely used development ecosystems, attackers can potentially compromise thousands of systems with a single malicious component.

Experts recommend that developers and organizations adopt stronger security practices, including:

  • Verifying extension sources before installation
  • Monitoring dependency changes in updates
  • Using automated supply-chain security scanning tools
  • Restricting permissions for development extensions

As the GlassWorm campaign demonstrates, even trusted developer tools can become a powerful entry point for cyberattacks.

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO