GlassWorm v2 Malware

By Mezo in Malware, Stealers

Cybersecurity researchers have uncovered a large-scale malicious campaign involving dozens of Microsoft Visual Studio Code (VS Code) extensions hosted on the Open VSX repository. The operation, tracked as GlassWorm, is focused on stealing sensitive information from developers and compromising development environments.

Investigators discovered 73 suspicious extensions that imitate legitimate tools. Among them, six have been verified as malicious, while the rest appear to function as dormant 'sleeper' packages designed to gain user trust before later being weaponized through updates.

All identified extensions were uploaded in early April 2026. Since December 21, 2025, researchers have linked more than 320 malicious artifacts to the wider GlassWorm infrastructure.

Confirmed Malicious Extensions

The following Open VSX extensions have been confirmed as harmful:

  • outsidestormcommand.monochromator-theme
  • keyacrosslaud.auto-loop-for-antigravity
  • krundoven.ironplc-fast-hub
  • boulderzitunnel.vscode-buddies
  • cubedivervolt.html-code-validate
  • Winnerdomain17.version-lens-tool

Social Engineering Through Cloned Packages

Many of the sleeper extensions closely imitate trusted packages through typosquatting tactics. For example, attackers used deceptive naming such as CEINTL.vscode-language-pack-tr versus the legitimate Emotionkyoseparate.turkish-language-pack.

To strengthen credibility, these fake extensions also copied the original icons and descriptions. This 'visual trust' strategy helps attackers increase installation numbers naturally by making the packages appear authentic and safe.

Attackers Shift to Stealthier Delivery Techniques

Researchers report that the GlassWorm operators are actively refining their methods to avoid detection. Rather than deploying malware immediately, they now rely on sleeper packages and hidden transitive dependencies that can activate later.

The campaign also uses Zig-based droppers to install a second malicious VSIX extension hosted on GitHub. Once executed, the loader can spread the payload across multiple integrated development environments (IDEs) installed on the same system.

Multiple IDEs at Risk

The malware is capable of identifying and infecting several developer platforms through the --install-extension command, including:

  • Microsoft VS Code
  • Cursor
  • Windsurf
  • VSCodium
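
A defender-side inventory check, added here as an example and not code from the original write-up: it takes the six extension IDs confirmed malicious above and looks for them across the four editors listed, either by parsing the folder names in each editor's extensions directory or by parsing the output of that editor's --list-extensions command. The per-user directory paths are assumed defaults (VSCodium's is assumed to be .vscode-oss), and the folder listing embedded in the script is constructed for the demonstration.

```python
"""
Check VS Code-family extension installs against the GlassWorm v2 extension IDs.

Added example, not code from the original write-up. Directory paths are assumed
defaults; SAMPLE_FOLDERS is a constructed listing used for the demonstration.
"""
import re
from pathlib import Path
from typing import Iterable, List, Optional

# Extension IDs confirmed malicious in the write-up. Comparison is
# case-insensitive, which is how these editors treat publisher.name IDs on disk.
GLASSWORM_V2_EXTENSION_IDS = frozenset(eid.lower() for eid in (
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "Winnerdomain17.version-lens-tool",
))

# Assumed default per-user extensions directories for each editor named above.
EXTENSION_DIRS = {
    "VS Code": "~/.vscode/extensions",
    "Cursor": "~/.cursor/extensions",
    "Windsurf": "~/.windsurf/extensions",
    "VSCodium": "~/.vscode-oss/extensions",
}

# On-disk folder names look like "<publisher>.<name>-<version>", e.g.
# "ms-python.python-2024.4.1". The name may contain hyphens, so the version is
# anchored as a trailing dotted numeric triple with an optional pre-release tag.
_FOLDER_RE = re.compile(
    r"^(?P<id>[^.\s]+\.[^.\s]+)-(?P<version>\d+\.\d+\.\d+(?:[-+][\w.]+)?)$"
)


def extension_id_from_folder(folder_name: str) -> Optional[str]:
    """Lower-cased publisher.name for an extension folder, or None if the folder
    does not follow the <publisher>.<name>-<version> layout (e.g. '.obsolete')."""
    m = _FOLDER_RE.match(folder_name)
    return m.group("id").lower() if m else None


def find_flagged(installed_ids: Iterable[Optional[str]],
                 blocklist=GLASSWORM_V2_EXTENSION_IDS) -> List[str]:
    """Sorted list of installed IDs that appear in the blocklist; None entries
    (unparseable folders) are ignored."""
    present = {eid.lower() for eid in installed_ids if eid}
    return sorted(present & set(blocklist))


def ids_from_list_output(text: str) -> List[str]:
    """Parse `<editor> --list-extensions` output: one publisher.name per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def scan_directory(path: str) -> List[str]:
    """Flagged IDs found in one extensions directory; empty if it does not exist."""
    root = Path(path).expanduser()
    if not root.is_dir():
        return []
    ids = (extension_id_from_folder(child.name)
           for child in root.iterdir() if child.is_dir())
    return find_flagged(ids)


def scan_all_editors(dirs=EXTENSION_DIRS) -> dict:
    """Map each editor name to the flagged IDs found in its extensions directory."""
    return {editor: scan_directory(path) for editor, path in dirs.items()}


# Constructed sample listing, as an extensions directory might look on disk.
SAMPLE_FOLDERS = [
    "ms-python.python-2024.4.1",
    "winnerdomain17.version-lens-tool-1.0.0",
    "esbenp.prettier-vscode-10.4.0",
    "krundoven.ironplc-fast-hub-0.0.3",
    ".obsolete",  # bookkeeping entry the editor leaves in the directory
]


def demo() -> List[str]:
    """Run the check over the constructed listing."""
    return find_flagged(extension_id_from_folder(f) for f in SAMPLE_FOLDERS)


if __name__ == "__main__":
    print("constructed sample:", demo())
    for editor, hits in scan_all_editors().items():
        print(f"{editor}: {hits or 'no flagged extensions'}")
```

A match is an indicator to act on, not a full verdict: the write-up notes that most of the 73 extensions are sleepers that are not yet malicious, so a clean result against these six IDs says nothing about a later weaponizing update, and the inventory should be re-run whenever extensions update.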

Final Payload Designed for Data Theft and Remote Control

Regardless of the initial infection path, the ultimate objective remains consistent. The malware is engineered to avoid systems located in Russia, harvest sensitive information, deploy a remote access trojan (RAT), and secretly install a rogue Chromium-based browser extension.

That browser extension can capture credentials, bookmarks, and additional stored data. In some variants, the delivery mechanism is hidden inside obfuscated JavaScript, where the extension acts only as a loader while the real payload is downloaded and executed after activation.
