★ 9/10 · Security · 2026-04-27

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Summary

Researchers have identified a campaign of 73 malicious or "sleeper" VS Code extensions on the Open VSX repository linked to the GlassWorm v2 malware. The campaign uses typosquatting and visual mimicry to distribute payloads designed to steal sensitive data, install remote access trojans (RATs), and compromise multiple IDEs.

Key Points

  • 73 extensions were identified on the Open VSX repository, including six confirmed malicious packages: outsidestormcommand.monochromator-theme, keyacrosslaud.auto-loop-for-antigravity, krundoven.ironplc-fast-hub, boulderzitunnel.vscode-buddies, cubedivervolt.html-code-validate, and winnerdomain17.version-lens-tool.
  • The campaign utilizes "sleeper" packages that appear harmless upon initial installation to build organic install counts and trust before delivering malicious code via subsequent updates.
  • More than 320 related artifacts have been identified since December 21, 2025.
  • The attack employs Zig-based droppers to deploy a secondary VSIX extension retrieved from GitHub.
  • The malware targets all IDEs capable of executing VSIX extensions, specifically including VS Code, Cursor, Windsurf, and VSCodium.

Technical Details

The GlassWorm v2 campaign operates through a multi-stage delivery process. The initial extensions serve as obfuscated JavaScript loaders. Upon activation, these loaders use a Zig-based dropper to fetch a secondary VSIX payload hosted on GitHub. This payload is then programmatically installed into every compatible IDE identified on the system by invoking each IDE's command-line interface with the --install-extension option.

To evade detection, the threat actors use typosquatting (e.g., Emotionkyoseparate.turkish-language-pack instead of CEINTL.vscode-language-pack-tr) and replicate the icons and descriptions of legitimate extensions to establish "visual trust." Once the secondary payload is active, it installs a remote access trojan (RAT) and a rogue Chromium-based extension designed to siphon credentials, bookmarks, and other sensitive information. The malware is specifically configured to avoid Russian-based systems.

Impact / Why It Matters

Developers should verify the authenticity of all extensions installed from the Open VSX repository, as the malware can compromise every integrated development environment on a machine. The use of sleeper packages and transitive dependencies means that an initially trusted extension can become malicious through a routine update.
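As an added example that is not part of the report, the following Python script checks the per-user extension directories of the four IDEs the report names for any of the extension identifiers it lists (the six confirmed packages plus the typosquatted language pack). The directory locations under the home directory are conventional defaults assumed here, not taken from the report, and the sample folder names in demo() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extension identifiers (publisher.name) given in the report: the six confirmed
# malicious packages plus the typosquatted language pack. Compared case-insensitively.
KNOWN_BAD_IDS = {
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "winnerdomain17.version-lens-tool",
    "emotionkyoseparate.turkish-language-pack",
}

# A hyphen-separated segment that looks like the start of a dotted version number.
VERSION_SEGMENT = re.compile(r"^\d+(\.\d+)+$")


def default_extension_dirs():
    """Assumed default per-user extension directories (conventional locations, not
    from the report); adjust for your platform or a custom --extensions-dir."""
    home = Path.home()
    return [
        home / ".vscode" / "extensions",      # VS Code
        home / ".vscode-oss" / "extensions",  # VSCodium
        home / ".cursor" / "extensions",      # Cursor
        home / ".windsurf" / "extensions",    # Windsurf
    ]


def extension_id_from_folder(folder_name):
    """Turn an installed-extension folder name into a lowercase "publisher.name" id.

    Folders are named "<publisher>.<name>-<version>[-<platform>]", for example
    "ms-python.python-2024.4.1". Because the name itself may contain hyphens, the
    version is located as the first hyphen-separated segment that is a dotted number.
    """
    publisher, dot, rest = folder_name.partition(".")
    if not dot or not rest:
        return None
    parts = rest.split("-")
    for i in range(1, len(parts)):
        if VERSION_SEGMENT.match(parts[i]):
            return f"{publisher}.{'-'.join(parts[:i])}".lower()
    return None


def scan_extension_dirs(dirs, bad_ids=KNOWN_BAD_IDS):
    """Return (directory, extension_id) pairs for installed extensions on the blocklist."""
    findings = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for entry in sorted(d.iterdir()):
            if not entry.is_dir():  # skip extensions.json, .obsolete and similar files
                continue
            ext_id = extension_id_from_folder(entry.name)
            if ext_id is not None and ext_id in bad_ids:
                findings.append((str(d), ext_id))
    return findings


def demo():
    """Run the scan over a constructed directory: one benign folder, two flagged ones."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = Path(tmp) / "extensions"
        ext_dir.mkdir()
        for folder in (
            "ms-python.python-2024.4.1",                       # benign, constructed
            "winnerdomain17.version-lens-tool-1.0.2",          # id listed in the report
            "Emotionkyoseparate.turkish-language-pack-0.1.0",  # typosquat named in the report
        ):
            (ext_dir / folder).mkdir()
        (ext_dir / "extensions.json").write_text("[]")
        return [ext_id for _, ext_id in scan_extension_dirs([ext_dir])]


if __name__ == "__main__":
    hits = scan_extension_dirs(default_extension_dirs())
    if not hits:
        print("none of the report's extension identifiers found in the default directories")
    for directory, ext_id in hits:
        print(f"FLAGGED {ext_id} in {directory}")
    print("constructed demo run:", demo())
```

The check is name-based, so it only catches the identifiers the report publishes; a sleeper extension that turns malicious through a later update keeps its original identifier and will not be flagged this way. For those, review which publishers are installed and what changed in recent updates rather than relying on a blocklist.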

security vscode malware