The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat.
The new malicious uploads, ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs, collectively gathered over 9,000 downloads before their removal. These packages reuse the same invisible Unicode obfuscation first observed in the original campaign, making the malicious code appear blank to unsuspecting reviewers.
We previously reported on GlassWorm when it was first uncovered in October 2025, having infected over 35,000 systems across 12 VS Code and OpenVSX extensions. That discovery prompted OpenVSX and the Eclipse Foundation to harden their upload security and rotate compromised developer tokens. Yet the malware's comeback proves those efforts only slowed its operators rather than stopping them.
A Familiar Tactic With New Targets
Like before, the malware hides in JavaScript-based extensions, using zero-width Unicode characters to mask malicious commands. These invisible symbols are undetectable at a glance but execute normally, making manual inspection almost impossible.
Once activated, GlassWorm connects through Solana blockchain transactions, using the blockchain itself as a command-and-control (C2) channel. This approach avoids traditional C2 servers and makes tracking far more difficult.
The malware can:
- Steal authentication tokens from GitHub, npm, and OpenVSX.
- Compromise 49 cryptocurrency wallet extensions.
- Deploy SOCKS proxy modules for hidden network access.
- Launch VNC-based remote sessions, granting full control over infected systems.
According to Koi Security, the updated variant uses more sophisticated encryption for outbound data and rotates Solana wallets faster to avoid detection.
Russian Operators and Expanding Reach
Investigators attribute the operation to Russian-speaking cybercriminals tied to the RedExt C2 framework, previously used in browser and supply-chain campaigns. Koi Security accessed an exposed GlassWorm control panel and confirmed around 60 compromised victims spanning the United States, South America, Europe, Asia, and the Middle East, including a government organization.
The timeline shows a pattern of persistence:
- October 20, 2025: First GlassWorm campaign infects 35,000 systems.
- October 27, 2025: OpenVSX enforces new security measures and token rotation.
- November 8, 2025: Three new extensions appear, reviving the same techniques.
This recurring attack demonstrates how easily threat actors can exploit open-source ecosystems that rely on community uploads and minimal manual vetting.
Strengthening the Developer Supply Chain
The renewed campaign highlights a growing challenge for open developer platforms. Security teams are urging developers to act immediately by:
- Auditing all installed extensions for suspicious or unfamiliar publishers.
- Removing the three identified packages and scanning systems for residual artifacts.
- Rotating SSH keys and personal access tokens linked to GitHub, npm, or OpenVSX accounts.
- Checking for zero-width Unicode characters in source files (U+200B, U+200C, U+200D).
- Using extension allow-lists and disabling automatic updates for unverified add-ons.
These precautions can prevent further spread and minimize damage if compromise has already occurred.
Final Thoughts
The resurgence of GlassWorm malware on OpenVSX is a stark reminder of how fragile open-source ecosystems can be. Even after global coverage and platform reforms, the same operators managed to adapt and return within weeks. Their use of blockchain-based communication, Unicode obfuscation, and trusted developer tools makes GlassWorm one of the most advanced supply-chain threats to date.
Developers must remain vigilant: every extension, dependency, and update is a potential infection vector. Continuous auditing, code transparency, and stricter moderation are now essential to keeping software supply chains secure.