CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

GlassWorm malware targets OpenVSX, VS Code registries

First reported
Last updated
2 unique sources, 9 articles

Summary

Hide ▲

The GlassWorm malware campaign has resurfaced with a third wave, adding 24 new packages to OpenVSX and Microsoft Visual Studio Marketplace. The malware uses invisible Unicode characters to hide malicious code and targets GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency wallet data. The campaign initially impacted 49 extensions, with an estimated 35,800 downloads, though this figure includes inflated numbers due to bots and visibility-boosting tactics. The Eclipse Foundation has revoked leaked tokens and introduced security measures, but the threat actors have pivoted to GitHub and now returned to OpenVSX with updated command-and-control endpoints. The malware's global reach includes systems in the United States, South America, Europe, Asia, and a government entity in the Middle East. Koi Security has accessed the attackers' server and shared victim data with law enforcement. The threat actors have posted a fresh transaction to the Solana blockchain, providing an updated C2 endpoint for downloading the next-stage payload. The attacker's server was inadvertently exposed, revealing a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East. The threat actor is assessed to be Russian-speaking and uses the open-source browser extension C2 framework named RedExt as part of their infrastructure. The third wave of Glassworm uses Rust-based implants packaged inside the extensions and targets popular tools and developer frameworks like Flutter, Vim, Yaml, Tailwind, Svelte, React Native, and Vue. Additionally, a malicious Rust package named "evm-units" was discovered, targeting Windows, macOS, and Linux systems. This package, uploaded to crates.io in mid-April 2025, attracted over 7,000 downloads and was designed to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The package checks for the presence of Qihoo 360 antivirus and alters its execution flow accordingly. The references to EVM and Uniswap indicate that the supply chain incident is designed to target developers in the Web3 space.

Timeline

  1. 08.11.2025 18:17 4 articles · 25d ago

    GlassWorm operators identified as Russian-speaking using RedExt C2 framework

    GlassWorm operators are Russian-speaking and use the RedExt open-source C2 browser extension framework. The malware has impacted systems globally, including the United States, South America, Europe, Asia, and a government entity in the Middle East. Koi Security accessed the attackers' server and obtained key data on victims, including user IDs for multiple cryptocurrency exchanges and messaging platforms. The threat actors have posted a fresh transaction to the Solana blockchain, providing an updated C2 endpoint for downloading the next-stage payload. The attacker's server was inadvertently exposed, revealing a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East. The Glassworm campaign is now in its third wave, with 24 new packages added on OpenVSX and Microsoft Visual Studio Marketplace. The malware now uses Rust-based implants and continues to employ invisible Unicode characters to hide malicious code. The packages target popular developer tools and frameworks, and the campaign uses artificially inflated download counts to manipulate search results. The third wave includes specific packages on both marketplaces, indicating a broad targeting scope. The new iteration of GlassWorm uses Rust-based implants packaged inside the extensions, targeting Windows and macOS systems. The implants fetch C2 server details from a Solana blockchain wallet address and use Google Calendar as a backup for C2 address retrieval.

    Show sources
    Open in new tab
  2. 02.11.2025 17:09 2 articles · 1mo ago

    GlassWorm threat actors pivot to GitHub using Unicode steganography

    The threat actors behind GlassWorm have moved to GitHub, using the same Unicode steganography trick to hide their malicious payload in multiple repositories, primarily focused on JavaScript projects. GlassWorm has returned with three new VSCode extensions on OpenVSX, downloaded over 10,000 times. The new extensions are ai-driven-dev.ai-driven-dev (3,400 downloads), adhamu.history-in-sublime-merge (4,000 downloads), and yasuyuky.transient-emacs (2,400 downloads).

    Show sources
    Open in new tab
  3. 31.10.2025 10:02 3 articles · 1mo ago

    Eclipse Foundation revokes leaked tokens and introduces security measures

    Open VSX has implemented additional security measures, including shortening token lifetimes, faster revocation workflows, automated security scans, and threat intelligence sharing. The threat actors behind GlassWorm have moved to GitHub, using the same Unicode steganography trick to hide their malicious payload in multiple repositories, primarily focused on JavaScript projects.

    Show sources
    Open in new tab
  4. 20.10.2025 19:13 9 articles · 1mo ago

    GlassWorm malware campaign targets OpenVSX and VS Code registries

    The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories, enabling the supply chain attack. The leak was discovered by Wiz researchers two weeks ago, exposing over 550 secrets across Microsoft VSCode and Open VSX marketplaces. Some leaked tokens could give access to projects with 150,000 downloads, allowing threat actors to upload malicious versions of extensions. The Open VSX team and the Eclipse Foundation clarified that GlassWorm was not self-replicating but targeted developer credentials. The reported download count of 35,800 includes inflated downloads generated by bots and visibility-boosting tactics. The threat actors behind GlassWorm have moved to GitHub, using the same Unicode steganography trick to hide their malicious payload in multiple repositories, primarily focused on JavaScript projects. GlassWorm has returned with three new VSCode extensions on OpenVSX, downloaded over 10,000 times. The new extensions are ai-driven-dev.ai-driven-dev (3,402 downloads), adhamu.history-in-sublime-merge (4,057 downloads), and yasuyuky.transient-emacs (2,431 downloads). The threat actors have posted a fresh transaction to the Solana blockchain, providing an updated C2 endpoint for downloading the next-stage payload. The attacker's server was inadvertently exposed, revealing a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East. The threat actor is assessed to be Russian-speaking and uses the open-source browser extension C2 framework named RedExt as part of their infrastructure. The Glassworm campaign is now in its third wave, with 24 new packages added on OpenVSX and Microsoft Visual Studio Marketplace. The malware now uses Rust-based implants and continues to employ invisible Unicode characters to hide malicious code. The packages target popular developer tools and frameworks, and the campaign uses artificially inflated download counts to manipulate search results. The third wave includes specific packages on both marketplaces, indicating a broad targeting scope. The new iteration of GlassWorm uses Rust-based implants packaged inside the extensions, targeting Windows and macOS systems. The implants fetch C2 server details from a Solana blockchain wallet address and use Google Calendar as a backup for C2 address retrieval. Additionally, a malicious Rust package named "evm-units" was discovered, targeting Windows, macOS, and Linux systems. This package, uploaded to crates.io in mid-April 2025, attracted over 7,000 downloads and was designed to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The package checks for the presence of Qihoo 360 antivirus and alters its execution flow accordingly. The references to EVM and Uniswap indicate that the supply chain incident is designed to target developers in the Web3 space.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

ShadyPanda Browser Extensions Campaign Exploits 4.3M Installs

The ShadyPanda campaign has amassed over 4.3 million installations of malicious Chrome and Edge browser extensions, evolving from legitimate tools into spyware over multiple phases. The extensions, discovered by Koi Security, engaged in affiliate fraud, search hijacking, and remote code execution. The campaign remains active on the Microsoft Edge Add-ons platform, with one extension having 3 million installs. The extensions collect browsing history, search queries, keystrokes, mouse clicks, and other sensitive data, exfiltrating it to domains in China. Users are advised to remove these extensions and reset their account passwords. Five of the extensions started as legitimate programs before malicious changes were introduced in mid-2024. The Clean Master extension was featured and verified by Google, allowing attackers to expand their user base and issue malicious updates without suspicion. The extensions engage in adversary-in-the-middle (AitM) attacks to facilitate credential theft, session hijacking, and arbitrary code injection into any website. The WeTab extension is still available for download as of the article's publication date. The extensions injected affiliate tracking codes silently every time the victim clicked on eBay, Amazon, or Booking.com links. They also deployed Google Analytics tracking to monetize browsing data, logging every website visit, search query, and click pattern. The Infinity V+ extension redirected web searches through the browser hijacker trovi.com. The extensions used malicious code to read victims’ cookies and send the data to nossl.dergoodting.com, creating unique identifiers without users’ consent or knowledge. They captured users’ input in the search box, profiling their interests in real time. The extensions checked an external server for instructions and executed arbitrary JavaScript code every hour, with full browser API access. They executed a payload designed to exfiltrate browser data to remote servers, collecting visited URLs, HTTP referrers, timestamps, persistent UUID4 identifiers, and complete browser fingerprints. The WeTab New Tab Page extension, posing as a productivity tool, operates as a sophisticated surveillance platform, sending user data to 17 different domains. The ShadyPanda campaign has been active for seven years, with initial submissions in 2018 and first signs of malicious activity in 2023. ShadyPanda leveraged trusted browser marketplaces to build user bases, operate legitimately for years, then quietly deploy malicious updates. A new Koi Security report identified a remote code execution backdoor affecting 300,000 users across five extensions, including Clean Master. The extensions had operated normally since 2018, until a mid-2024 update enabled hourly downloads of arbitrary JavaScript. The malware logged website visits, exfiltrated encrypted browsing histories, and gathered full browser fingerprints. A parallel spyware operation reached more than 4 million users through five additional Microsoft Edge extensions, most notably WeTab, which alone accounted for 3 million installs. These extensions collected every URL visited, search term, mouse click, and various browser identifiers, with traffic routed to servers in China.

Open in new tab

Malicious VSX Extension SleepyDuck Targets Solidity Developers

A malicious extension named SleepyDuck was discovered in the Open VSX registry. It targets Solidity developers and includes a remote access trojan. The extension was initially published as benign but was updated to include malicious capabilities after reaching 14,000 downloads. The malware uses Ethereum contracts to update its command and control address, ensuring persistence even if the original server is taken down. It triggers when a new code editor window is opened or a .sol file is selected, gathering system information and exfiltrating it to the server. The extension has been downloaded more than 53,000 times. The malware activates on editor startup, when a Solidity file is opened, or when the user runs the Solidity compile command. It collects system data and sets up a command execution sandbox. The malware finds the fastest Ethereum RPC provider to read the smart contract with the C2 information and reads updated instructions directly from the blockchain. The extension was first published on October 31, 2025, and updated to include malicious code on November 1, 2025. It has been observed using sandbox evasion techniques and can connect to the fastest Ethereum RPC provider to maintain communication with its command server. Open VSX has announced security enhancements to make it safer for its users, including shortening token lifetimes, quickly revoking leaked credentials, automated scans, and sharing key info with VS Code about emerging threats.

Open in new tab

PhantomRaven npm credential harvesting campaign leverages invisible dependencies

An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active. Researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package to target GitHub-owned repositories. The package incorporated a post-install hook to download and run malware in versions 4.0.12 to 4.0.17, and has been downloaded 47,405 times. The malware specifically targets repositories owned by the GitHub organization, indicating a targeted attack against GitHub.

Open in new tab

Malicious npm packages targeting Windows, macOS, and Linux systems

Ten malicious npm packages were discovered that deliver an information stealer targeting Windows, macOS, and Linux systems. The packages, uploaded to the npm registry on July 4, 2025, have collectively accumulated over 9,900 downloads. The malware uses multiple layers of obfuscation and a fake CAPTCHA to evade detection and harvests credentials from system keyrings, browsers, and authentication services. The packages are still available on npm despite being reported to npm. The attack aims to steal sensitive information, including credentials and session cookies, which can provide unauthorized access to corporate resources.

Open in new tab

Atroposia malware-as-a-service platform discovered

A new malware-as-a-service (MaaS) platform named Atroposia offers cybercriminals a remote access trojan (RAT) with capabilities for persistent access, evasion, data theft, and local vulnerability scanning. The malware is available for a $200 monthly subscription and includes advanced features such as hidden remote desktop, file system control, data exfiltration, clipboard theft, credential theft, cryptocurrency wallet theft, and DNS hijacking. Atroposia was first identified by researchers at Varonis on October 15, 2025, and has been observed being promoted on underground forums. The platform includes modules for hidden remote desktop sessions, file management, data exfiltration, credential theft, clipboard monitoring, DNS hijacking, and local vulnerability scanning. The vulnerability scanner audits missing patches, unsafe settings, and vulnerable software, allowing attackers to prioritize exploits. The platform can be combined with SpamGPT and MatrixPDF to create a plug-and-play criminal toolkit. SpamGPT automates phishing campaign creation, SMTP/IMAP cracking, and deliverability tooling, while MatrixPDF weaponizes ordinary PDF files to bypass email filters. Atroposia uses encrypted command and control (C2) servers to foil traffic inspection and automatically escalates privileges via UAC bypass to gain admin rights and install multiple persistence mechanisms.

Open in new tab