GlassWorm, a malware campaign targeting the Open VSX extension ecosystem, has resurfaced through a fresh cluster of suspicious extensions that appear to imitate popular listings and may be used to deliver malicious payloads through future updates, according to findings attributed to Socket.
The campaign first appeared in the Open VSX registry in October 2025 through around a dozen extensions that were likely downloaded thousands of times. It used Unicode variation selectors to visually hide its code and relied on the Solana blockchain for command-and-control infrastructure. The malware was designed to steal GitHub, Git and NPM credentials, other sensitive information, and cryptocurrency.
New Suspicious Extensions Identified
Socket says it has now identified 73 suspicious extensions that appear to be clones of popular extensions on the Open VSX marketplace. The extensions were published by newly created GitHub accounts, which typically had one or two public repositories named with an eight-character string.
According to Socket, the extensions are likely “sleepers” designed to deploy malware on users’ machines through future updates. At least six of them have already been activated. The company said the count may change as new updates continue to appear, but the pattern is consistent with earlier GlassWorm waves, where cloned or impersonating extensions were first published without an obvious payload and later updated to deliver malware through the normal extension update path.
Cloned Listings Used to Build Trust
The extensions follow a clear impersonation pattern, mirroring the legitimate listings they clone. This includes copying icons, names and descriptions, while appearing under a different publisher and a unique extension identifier.
Socket described this as the central social engineering pattern behind the latest GlassWorm cluster. The cloned listings create enough visual trust to attract installs before any malware is introduced, allowing the threat actor to exploit users’ reliance on familiar names and presentation in the marketplace.
Multiple Delivery Methods Complicate Detection
The malware delivery method used by these extensions appears to combine previously observed mechanisms. Some rely on bundled native binaries, including components from earlier GlassWorm attacks, while others retrieve the payload from a remote location.
Socket noted that the extension’s source code alone no longer reflects the behaviour that ultimately runs. By moving critical logic outside what security tools typically scan and spreading it across multiple delivery mechanisms, the threat actor increases the likelihood of evading detection.
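As an added defensive check (not code from Socket or from the article), the scanner below flags Unicode variation selectors and other zero-width code points in extension source text, the kind of invisible characters the campaign used to hide code; the code point ranges are standard Unicode blocks, and the sample source is constructed for this example.

```javascript
// Added example: flag invisible code points that an editor renders as nothing
// but that still ship in the file. Ranges are real Unicode blocks.
const INVISIBLE_RANGES = [
  [0xfe00, 0xfe0f],   // Variation Selectors (VS1-VS16)
  [0xe0100, 0xe01ef], // Variation Selectors Supplement (VS17-VS256)
  [0x200b, 0x200f],   // zero-width space/non-joiner/joiner, LRM, RLM
  [0x2060, 0x2064],   // word joiner and invisible operators
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Scan source text line by line; return [{ line, count }] for lines that
// carry at least one invisible code point. Plain ASCII never triggers.
function scanInvisibleChars(source) {
  const findings = [];
  source.split("\n").forEach((line, idx) => {
    let count = 0;
    for (const ch of line) {          // string iteration yields whole code points
      if (isInvisible(ch.codePointAt(0))) count++;
    }
    if (count > 0) findings.push({ line: idx + 1, count });
  });
  return findings;
}

function totalInvisible(source) {
  return scanInvisibleChars(source).reduce((n, f) => n + f.count, 0);
}

// Constructed sample: line 2 ends in four invisible code points after a
// harmless-looking comment; lines 1 and 3 are ordinary extension code.
const SAMPLE = [
  'const vscode = require("vscode");',
  '// activate\u{FE0F}\u{FE00}\u{E0100}\u{FE0E}',
  'function activate(ctx) { console.log("hello"); }',
].join("\n");

console.log(scanInvisibleChars(SAMPLE)); // [ { line: 2, count: 4 } ]
```

Run it against an unpacked .vsix (the extension's .js files and package.json) and treat any non-zero finding as grounds for manual review, since legitimate source rarely needs these characters.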