Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem.
The extensions in question, which are still available for download, are listed below -
- ai-driven-dev.ai-driven-dev (3,402 downloads)
- adhamu.history-in-sublime-merge (4,057 downloads)
- yasuyuky.transient-emacs (2,431 downloads)
GlassWorm, first documented by Koi Security late last month, refers to a campaign in which threat actors leverage VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace to harvest Open VSX, GitHub, and Git credentials, drain funds from 49 different cryptocurrency wallet extensions, and drop additional tools for remote access.
What makes the malware notable is that it uses invisible Unicode characters to hide malicious code in code editors and abuses the pilfered credentials to compromise additional extensions and further extend its reach, effectively creating a self-replication cycle that allows it to spread in a worm-like fashion.
In response to the findings, Open VSX said it identified and removed all malicious extensions, in addition to rotating or revoking associated tokens as of October 21, 2025. However, the latest report from Koi Security shows that the threat has resurfaced a second time, using the same invisible Unicode character obfuscation trick to bypass detection.
"The attacker has posted a fresh transaction to the Solana blockchain, providing an updated C2 [command-and-control] endpoint for downloading the next-stage payload," security researchers Idan Dardikman, Yuval Ronen, and Lotan Sery said.
"This demonstrates the resilience of blockchain-based C2 infrastructure - even if payload servers are taken down, the attacker can post a new transaction for a fraction of a cent, and all infected machines automatically fetch the new location."
The security vendor also revealed it identified an endpoint that's said to have been inadvertently exposed on the attacker's server, uncovering a partial list of victims spanning the U.S., South America, Europe, and Asia. This includes a major government entity from the Middle East.
Further analysis has uncovered keylogger information supposedly from the attacker's own machine, which has yielded some clues as to GlassWorm's provenance. The threat actor is assessed to be Russian-speaking and is said to use an open-source browser extension C2 framework named RedExt as part of their infrastructure.
"These are real organizations and real people whose credentials have been harvested, whose machines may be serving as criminal proxy infrastructure, whose internal networks may already be compromised," Koi Security said.
The development comes shortly after Aikido Security published findings showing that GlassWorm has expanded its focus to target GitHub, indicating the stolen GitHub credentials are being used to push malicious commits to repositories.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.