VYPR
breach · Published Apr 28, 2026 · Updated May 18, 2026 · 1 source

GlassWorm Campaign Deploys 73 New 'Sleeper' VS Code Extensions on Open VSX Marketplace

The ongoing GlassWorm supply-chain attack has released a fresh wave of 73 malicious VS Code extensions on the Open VSX marketplace, using a 'sleeper' tactic to evade detection and deliver self-replicating malware.

The GlassWorm campaign has escalated with a new cluster of 73 malicious Visual Studio Code extensions published on the Open VSX marketplace, according to researchers at Socket. These extensions employ a 'sleeper' tactic, appearing benign at first but later updated to deliver self-replicating malware that targets developer workstations. The campaign, first documented in October 2025 by Koi Security, continues to scale and evolve, posing a persistent threat to the software supply chain.

The new extensions act as thin loaders that fetch and execute malicious payloads from external sources or bundled native binaries. Some variants rely on external payload retrieval, while others include reused installer components seen in prior GlassWorm activity. This represents a tactical shift toward survivability and evasion, as the malware is less tied to a single obvious malicious file and spreads across updates, external hosting, obfuscation, and cross-editor installation behavior.

At least six of the extensions have already been activated with malware, while the others remain dormant or potentially suspicious. The extensions follow a pattern consistent with previous GlassWorm infections: they are first published without an obvious payload, then later updated to deliver malware through the normal extension update path. This approach builds trust and generates downloads before weaponization.

The attackers also employ an impersonation pattern, cloning legitimate extensions almost exactly—replicating names, icons, descriptions, and README content—while only changing subtle details like the publisher name and unique identifier. In one example, a fake Turkish language package closely mimics the official version, making the differences easy to miss during routine browsing.

GlassWorm's goal is to infect developers with infostealers to obtain credentials, API keys, and source code, which can then be used to publish poisoned versions of projects maintained by the victim. This creates a downstream effect on the supply chain and allows the malware to self-replicate. The risk is full compromise of a developer workstation, which often has access to sensitive internal systems.

Philipp Burckhardt, head of threat intelligence at Socket, notes that the latest dump shows a maturing threat actor running the same playbook at larger scale. Idan Dardikman, CTO and co-founder at Koi Security, agrees that while there is no technical innovation, the persistence and scale of the campaign demand a response. Organizations are urged to verify extension publisher identity, age, download patterns, and naming similarity before approving use, and to audit installed extensions for recent updates.
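One way to act on that audit advice locally, as an added example that is not part of the original article or of Socket's or Koi Security's tooling: scan the installed-extension folders for the two patterns described above, a lookalike display name under a different publisher and a package that was installed or updated recently. It assumes the Linux/macOS path `~/.vscode/extensions` and a locally maintained set of trusted publishers; the sample manifests and publisher names are constructed, not real extension ids.

```python
import json
import time
from pathlib import Path

# Assumed install location; each subfolder is "<publisher>.<name>-<version>".
EXT_DIR = Path.home() / ".vscode" / "extensions"

def load_manifests(ext_dir=EXT_DIR):
    """Read publisher, name, display name, version and install time of each extension."""
    found = []
    for pkg in ext_dir.glob("*/package.json"):
        try:
            meta = json.loads(pkg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        found.append({
            "id": f'{meta.get("publisher", "?")}.{meta.get("name", "?")}'.lower(),
            "publisher": str(meta.get("publisher", "")).lower(),
            "display": str(meta.get("displayName", meta.get("name", ""))).strip().lower(),
            "version": str(meta.get("version", "")),
            "mtime": pkg.stat().st_mtime,  # heuristic: a new version lands in a new folder
        })
    return found

def audit(manifests, trusted_publishers, now=None, recent_days=14):
    """Flag lookalike names from untrusted publishers and recently updated packages."""
    now = time.time() if now is None else now
    by_display = {}
    for m in manifests:
        by_display.setdefault(m["display"], set()).add(m["publisher"])
    findings = []
    for m in manifests:
        others = by_display[m["display"]] - {m["publisher"]}
        if others and m["publisher"] not in trusted_publishers:
            findings.append(("lookalike", m["id"], sorted(others)))
        if now - m["mtime"] < recent_days * 86400:
            findings.append(("recent-update", m["id"], m["version"]))
    return findings

# Constructed sample (not real extension ids): a trusted language pack, a clone of it
# under an unknown publisher, and an unrelated extension updated two days ago.
NOW = 1_777_000_000  # fixed "now" so the sample result is reproducible
SAMPLE = [
    {"id": "trusted-pub.language-pack-tr", "publisher": "trusted-pub",
     "display": "turkish language pack", "version": "1.0.0", "mtime": NOW - 60 * 86400},
    {"id": "new-pub.language-pack-tr", "publisher": "new-pub",
     "display": "turkish language pack", "version": "1.0.0", "mtime": NOW - 90 * 86400},
    {"id": "some-pub.helper", "publisher": "some-pub",
     "display": "helper", "version": "2.3.0", "mtime": NOW - 2 * 86400},
]

if __name__ == "__main__":
    # Scan the real extension folder; fall back to the constructed sample if it is empty.
    for kind, ext_id, detail in audit(load_manifests() or SAMPLE, {"trusted-pub"}):
        print(f"{kind:14} {ext_id} {detail}")
```

A "lookalike" hit means the extension shares its display name with one from another publisher, which is exactly the detail the article says is easy to miss during routine browsing; a "recent-update" hit is the cue to inspect what changed in that version.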

Synthesized by Vypr AI