For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open VSX marketplace of the Eclipse Foundation are affected.
The endpoint-security company Koi discovered the self-propagating malware and named it GlassWorm. It not only steals access credentials but also turns the target machine into a proxy node by way of a remote access trojan.
Infected packages are still present, at least in the Open VSX marketplace. Like the Shai-Hulud malware found on npm in September, GlassWorm propagates itself, using the Open VSX Registry, GitHub, and npm, among others.
Malware via Update
Koi first discovered the malware in the Open VSX extension CodeJoy. At first glance, CodeJoy looks like an ordinary extension that bundles a few useful tools. Starting with version 1.8.3, however, it showed suspicious behavior, such as network access that had nothing to do with its actual functions.
Anyone who has enabled extensions.autoUpdate in Visual Studio Code automatically receives updates for all installed extensions, including a malicious one. It is not uncommon for seemingly useful software to receive its malicious code only through a later update, which is exactly the case here: a clean version was installed, and the update brought the worm.
Invisible Malicious Code
The malicious functions of GlassWorm are extremely well hidden. Rather than relying only on the usual obfuscation techniques or chains of indirect loads, the malware contains code that is invisible because it is built from Unicode characters that editors do not render. Apparently, this was achieved with the Unicode block Variation Selectors.
According to the Koi blog, the code is invisible not only to human reviewers but also to static code analysis tools, yet the JavaScript interpreter executes the hidden code. The approach is new, and the invisible code is the reason Koi named the malware GlassWorm.
Not an Ordinary C2 Server
GlassWorm also takes a new approach with its command-and-control (C2) server: the extensions use the Solana blockchain, a public blockchain, as infrastructure. From it they obtain Base64-encoded links to the next-stage payload that contains the actual malware.
The blockchain offers the attackers several advantages: it is distributed, and its transactions are immutable and pseudonymous, tied to nothing more than a wallet address. Furthermore, the C2 infrastructure cannot simply be taken down: if the C2 server whose address is stored on the blockchain is shut down, the attackers publish a transaction with a new address, which the malware will then use.
Stealing Credentials and Worm-like Behavior
The payload that GlassWorm loads via this infrastructure is, in all likelihood, AES-256-CBC encrypted code. The corresponding key is delivered directly in the HTTP response headers, so it can be changed dynamically. This also means the key travels in the clear next to the ciphertext: anyone holding a captured response, from a proxy log or a sandbox, can decrypt the stage without brute force.
The malicious code then searches for credentials for various developer platforms and uses them to spread further.
GlassWorm uses npm authentication tokens to publish packages with malicious code to the JavaScript package registry. GitHub tokens and Git credentials are used to compromise legitimate repositories. Open VSX access credentials are used to publish further Visual Studio Code extensions carrying the malware.
Finally, the software searches for cryptocurrency credentials. And as a bonus, it contains a link to Google Calendar, which serves as a surprisingly sophisticated backup mechanism for the C2 infrastructure.
Zombie as a Bonus
The calendar entry holds another Base64-encoded URL, whose very directory name, /get_zombi_payload/, reveals its purpose: the downloaded, obfuscated and encrypted code turns out to be a remote access trojan. The infected machine becomes a SOCKS proxy server, giving the attackers a route into the company's internal network.
Control is exercised over peer-to-peer connections using WebRTC. And again, the commands do not sit on a single C2 server; instead, the attackers distribute them via BitTorrent.
Active GlassWorm
Koi discovered the malicious code on October 17, 2025, and initially found seven infected extensions in the Open VSX Registry. Shortly thereafter, further affected extensions surfaced both there and in the VS Code Marketplace. The company counted a total of 35,800 installations.
In the appendix of its blog post, Koi lists the names of the packages found, the known payload URLs, and the Solana wallet and transaction.
Anyone who has installed one of the affected packages must assume the malware is on their system. The same goes for anyone whose logs show connections to the known C2 server addresses or to the affected Solana wallet.
(rme)