CISO Warning: “GlassWorm” Malware Hits VS Code Ecosystem


What happened

Security researchers at Koi Security have uncovered a new campaign, dubbed GlassWorm, targeting the Visual Studio Code extension ecosystem. The campaign uses three malicious extensions with thousands of downloads: ai-driven-dev, history-in-sublime-merge, and transient-emacs.

These extensions harvest GitHub and Open VSX credentials, drain cryptocurrency wallet extensions (up to 49 wallets identified), and drop remote-access tools.

Notably, the malware uses invisible Unicode characters in code files to hide malicious logic, and it spreads in a self-replicating, worm-like fashion by abusing the credentials it has compromised.

Who is affected

Developers and organizations using VS Code or other code editors that support extensions are at risk, especially those who install extensions from third-party registries or marketplaces.

Organizations whose developers have GitHub or Open VSX accounts tied to code repositories or CI/CD pipelines are also vulnerable, because stolen credentials let the attacker push malicious commits, widen the campaign's reach, and pivot into a supply-chain compromise.

Geographically, victims span the U.S., South America, Europe, and Asia, including at least one major government entity in the Middle East.

Why CISOs should care

This campaign targets multiple vectors that CISOs are already monitoring: software supply-chain risk, credential theft, code repository abuse, and developer tooling compromise.

Because attacker tools can self-propagate via stolen developer credentials, what starts as a compromise of a developer workstation can morph into a much broader enterprise incident.

The use of invisible Unicode characters to conceal malicious code demonstrates how adversaries are innovating to evade detection, indicating that traditional threat scanning may not be sufficient.

For CISOs in regulated environments, a breach in developer tooling can lead to downstream impacts, including compromised production code, undetected malicious commits, and unauthorized deployments, all of which raise audit, compliance, and breach risk.

3 Practical Actions

  1. Audit and restrict extension usage in developer tooling: Ensure only approved extensions are allowed in VS Code and other IDEs. Implement scanning of extension metadata and versions, and apply a whitelist/blacklist approach.
  2. Rotate and monitor credentials tied to GitHub, Open VSX, and dev tooling: Immediately rotate any credentials that might have been exposed, and monitor for unusual commits or pushes in developer repositories. Enforce multi-factor authentication for all dev accounts.
  3. Enhance detection for obfuscated code and self-propagation behavior: Deploy static and dynamic analysis tools that flag invisible Unicode characters in code; monitor for unusual command-and-control (C2) endpoints, including blockchain-based transaction updates (as GlassWorm did); and investigate developer machines that may be acting as proxies or spreading malicious code.
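The invisible-character check in action 3 can be a short pre-commit or CI step. The scanner below is an added example, not code from Koi Security's research or from the campaign; the page does not list which code points GlassWorm used, so the set treated as "invisible" here (format controls, variation selectors, a few glyph-less fillers) is my assumption, and the sample extension file is constructed.

```python
import unicodedata
from typing import NamedTuple

# Assumption (the page does not define "invisible"): Unicode format controls
# (category Cf), variation selectors, and a few fillers that render as nothing.
EXTRA_INVISIBLE = {0x200B, 0x2060, 0x3164, 0x115F, 0x1160, 0xFFA0, 0x180E}

def is_invisible(ch: str) -> bool:
    """True if ch has no glyph in an editor yet survives in the file."""
    cp = ord(ch)
    if ch in "\t\r":                                  # ordinary whitespace is fine
        return False
    if cp in EXTRA_INVISIBLE or 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return True
    return unicodedata.category(ch) == "Cf"

class Finding(NamedTuple):
    line: int        # 1-based, split on "\n" to match editor numbering
    col: int         # 1-based code-point index within the line
    codepoint: str   # e.g. "U+200B"
    name: str

def scan_source(text: str) -> list[Finding]:
    """Locate every invisible code point so a reviewer can inspect it."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                name = unicodedata.name(ch, "<unnamed>")
                findings.append(Finding(lineno, col, f"U+{ord(ch):04X}", name))
    return findings

def longest_invisible_run(text: str) -> int:
    """Longest run of consecutive invisible code points; a long run points to an
    encoded payload rather than one stray character pasted in by accident."""
    best = cur = 0
    for ch in text:
        cur = cur + 1 if is_invisible(ch) else 0
        best = max(best, cur)
    return best

# Constructed sample: a harmless-looking extension file with hidden characters.
SAMPLE = (
    'const banner = "hello";\n'
    'const note = "hello\u200bworld";\n'                    # zero-width space
    'function init() {\ufe0f\ufe0e\U000e0100\U000e0101\n'  # variation selectors
    '  return true;\n}\n'
)
```

Run `scan_source` over each file in an extension package and fail the build on any finding, or use `longest_invisible_run` with a threshold if stray single characters from copy-paste are common in your codebase.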