GlassWorm Malware Evolves: Infects More VS Code Extensions and GitHub Repositories

  • Nov 10, 2025
  • 2 min read

Key Findings


  • Cybersecurity researchers have discovered a new set of three Visual Studio Code (VS Code) extensions associated with the GlassWorm malware campaign.

  • The extensions, which have thousands of downloads, remain available and are used to harvest credentials, drain cryptocurrency wallets, and drop remote access tools.

  • The malware hides its malicious code behind invisible Unicode characters to evade detection, and it reuses the stolen credentials to compromise further extensions, giving it self-replicating, worm-like behavior.

  • The threat actor is assessed to be Russian-speaking and is using an open-source browser extension C2 framework named RedExt as part of their infrastructure.


Background


The GlassWorm malware campaign was first documented by Koi Security late last month. It involves threat actors leveraging VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace to compromise users.


The malware hides its malicious code behind invisible Unicode characters that code editors do not render, allowing it to evade review and detection. It then abuses the pilfered credentials to compromise additional extensions, creating a self-replication cycle that lets it spread in a worm-like fashion.
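One defensive check that follows from the hiding technique described above is to scan extension sources for code points that editors render as nothing. The following scanner is an added example written for this summary; it is not code from the original post or from Koi Security, and the exact code points GlassWorm uses are not stated on this page, so the ranges below are the common invisible classes a reviewer should flag in any source file.

```javascript
// Added example (not from the original post or the Koi Security report):
// flag invisible Unicode code points in extension source with line/column
// positions so a reviewer can locate them. The ranges are assumed common
// invisible classes, not a list taken from the GlassWorm samples.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f, 'zero-width / directional marks'],
  [0x2028, 0x202e, 'line/paragraph separators, bidi embedding'],
  [0x2060, 0x2064, 'word joiner / invisible operators'],
  [0x2066, 0x2069, 'bidi isolates'],
  [0xfe00, 0xfe0f, 'variation selectors'],
  [0xfeff, 0xfeff, 'zero-width no-break space (BOM)'],
  [0xe0000, 0xe007f, 'tag characters'],
  [0xe0100, 0xe01ef, 'variation selectors supplement'],
];

function classify(cp) {
  for (const [lo, hi, name] of INVISIBLE_RANGES) {
    if (cp >= lo && cp <= hi) return name;
  }
  return null;
}

// Returns one finding per invisible code point. A BOM at the very start of
// the file is a common benign hit and is skipped; a BOM anywhere else is not.
function scanSource(text) {
  const findings = [];
  let line = 1, col = 0;
  for (const ch of text) {            // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    if (cp === 0x0a) { line++; col = 0; continue; }
    col++;
    if (cp === 0xfeff && line === 1 && col === 1) continue;
    const cls = classify(cp);
    if (cls) {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      findings.push({ line, col, codePoint: 'U+' + hex, class: cls });
    }
  }
  return findings;
}

// Constructed sample: a harmless-looking extension entry point whose second
// line carries a run of variation selectors after a comment.
const SAMPLE = [
  'const vscode = require("vscode");',
  '// activate\uFE00\uFE01\uFE0F',
  'module.exports = { activate() {} };',
].join('\n');

console.log(scanSource(SAMPLE));
```

Run it over the contents of each file in an extension's .vsix (after unzipping) and treat any finding outside a leading BOM as a hit that needs manual review.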


New Wave of Infections


  • On November 6, 2025, Koi Security detected a fresh wave of GlassWorm compromise targeting three more extensions on the Open VSX registry:

      • ai-driven-dev.ai-driven-dev (3,300 downloads)

      • adhamu.history-in-sublime-merge (4,000 downloads)

      • yasuyuky.transient-emacs (2,400 downloads)

  • This new wave alone is responsible for approximately 10,000 additional infections.


Resilient Infrastructure


  • The threat actor is using the Solana blockchain for its command-and-control (C2) mechanism, posting low-cost transactions to provide updated C2 endpoints for downloading the next-stage payload.

  • This strategy creates "unkillable infrastructure" because even if payload servers are taken down, the attacker can post a new transaction and all infected machines will automatically fetch the new location.

  • The primary C2 server (199.247.10.166) and the exfiltration endpoint (199.247.13.106:80/wall) remain operational and unchanged from the original analysis.


Expanded Targeting and Victim Impact


  • An analysis of the attacker's server revealed a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East.

  • The stolen GitHub credentials are being used to push malicious commits to repositories, indicating that GlassWorm has expanded its focus to GitHub.

  • The attacker's keylogger data provides significant leads for attribution, suggesting the threat actor is Russian-speaking and uses the RedExt C2 framework.


Sources


  • https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html

  • https://securityonline.info/glassworm-worm-resurfaces-invisible-unicode-malware-re-infects-vs-code-extensions-spreads-to-github/

© 2025 by Explain IT Again