Cybersecurity researchers have identified multiple Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are associated with an ongoing information-stealing campaign known as GlassWorm.

The group of 73 extensions has been identified as clones of legitimate tools. Six of them have been confirmed as malicious, while the rest function as sleeper packages designed to appear harmless. These sleeper extensions aim to build user trust before introducing malicious behavior through later updates.

According to findings from application security firm Socket, all identified extensions were published at the beginning of the month. This latest wave is being tracked as GlassWorm v2. Since December 21, 2025, researchers have discovered more than 320 related artifacts. The extensions confirmed to be malicious include:

  • outsidestormcommand.monochromator-theme
  • keyacrosslaud.auto-loop-for-antigravity
  • krundoven.ironplc-fast-hub
  • boulderzitunnel.vscode-buddies
  • cubedivervolt.html-code-validate
  • winnerdomain17.version-lens-tool

The sleeper extensions rely on typosquatting techniques, closely mimicking the names of legitimate packages (for example, CEINTL.vscode-language-pack-tr vs. Emotionkyoseparate.turkish-language-pack). They also replicate icons and descriptions to increase credibility and mislead developers into installing them.

This form of "visual trust" serves as an effective social engineering tactic, encouraging organic downloads before the extensions are weaponized to deliver malicious payloads.

Researchers note that the threat actors are continuously refining their approach. They are increasingly using sleeper packages and transitive dependencies to avoid detection. Additionally, Zig-based droppers are employed to deploy a secondary VSIX extension hosted on GitHub, capable of infecting multiple integrated development environments (IDEs) on a single system.

The extensions act as loaders that fetch the actual malicious payload from external sources. Once triggered, they install a secondary VSIX package across various IDEs, including VS Code, Cursor, Windsurf, and VSCodium, using automated installation commands.
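As an added defender-side example (not from the article, Socket, or any of the projects named), the script below triages the extension IDs installed by the four IDEs above against the six confirmed GlassWorm v2 IDs and flags typosquat-style near matches of an allowlist, such as the language-pack pair described earlier. The extension directory paths, the Version Lens allowlist entry and the sample folder list are assumptions or constructed input.

```python
"""Triage installed VS Code-family extension IDs against the GlassWorm v2
indicators from the article and flag near matches of trusted IDs."""
import re
from difflib import SequenceMatcher
from pathlib import Path

# Confirmed-malicious extension IDs (publisher.name) quoted in the article.
GLASSWORM_V2_IDS = {
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "winnerdomain17.version-lens-tool",
}
# Allowlist: the Turkish language pack is the legitimate half of the
# typosquat pair in the article; the Version Lens entry is assumed.
TRUSTED_IDS = {"CEINTL.vscode-language-pack-tr", "pflannery.vscode-versionlens"}
# Default extension roots of the targeted IDEs (assumed paths).
EXTENSION_DIRS = ["~/.vscode/extensions", "~/.cursor/extensions",
                  "~/.windsurf/extensions", "~/.vscode-oss/extensions"]

def extension_id(folder_name):
    """'publisher.name-1.2.3[-platform]' -> 'publisher.name' (None if odd)."""
    m = re.match(r"^(.+?)-\d+\.\d+\.\d+", folder_name)
    return m.group(1) if m else None

def installed_ids(roots=EXTENSION_DIRS):
    """Collect extension IDs from every IDE extension root that exists."""
    ids = set()
    for root in roots:
        path = Path(root).expanduser()
        if path.is_dir():
            ids.update(filter(None, (extension_id(d.name)
                                     for d in path.iterdir() if d.is_dir())))
    return ids

def triage(ids, threshold=0.6):
    """Return {extension_id: reason} for confirmed and suspicious IDs."""
    findings = {}
    for ext in sorted(ids):
        if ext in GLASSWORM_V2_IDS:
            findings[ext] = "confirmed GlassWorm v2 extension"
            continue
        if ext in TRUSTED_IDS:
            continue
        pub, _, name = ext.partition(".")
        for trusted in TRUSTED_IDS:
            t_pub, _, t_name = trusted.partition(".")
            similar = SequenceMatcher(None, name.lower(), t_name.lower()).ratio()
            if pub.lower() != t_pub.lower() and similar >= threshold:
                findings[ext] = f"name resembles trusted {trusted}, other publisher"
                break
    return findings

# Constructed folder names standing in for a real extensions directory.
SAMPLE_FOLDERS = ["CEINTL.vscode-language-pack-tr-1.95.0",
                  "Emotionkyoseparate.turkish-language-pack-0.0.3",
                  "krundoven.ironplc-fast-hub-1.0.2", "ms-python.python-2025.2.0"]

if __name__ == "__main__":
    for ext, why in triage({extension_id(f) for f in SAMPLE_FOLDERS}).items():
        print(f"{ext}: {why}")
```

Replace the constructed sample with `installed_ids()` to scan the local machine; an exact hit warrants removing the extension and rotating any credentials the IDE could reach.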

Regardless of the delivery method, the objective remains consistent: execute malware that bypasses specific regional systems, collect sensitive data, deploy a remote access trojan (RAT), and silently install a malicious Chromium-based browser extension to capture credentials, bookmarks, and other user data.

"This method achieves similar results as traditional binary-based attacks, but keeps the execution logic hidden within obfuscated JavaScript," researchers explained. "The extension functions as a loader, while the actual payload is downloaded and executed after activation."

Originally published at https://ashhacker.com on April 28, 2026.