Supply Chain | Apr 28, 2026
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
GlassWorm malware campaign deploys self-propagating VS Code extensions via Open VSX registry.
Summary
Attackers are escalating a supply chain campaign to distribute malicious VS Code extensions through the Open VSX marketplace. These seemingly legitimate extensions contain self-propagating malware (GlassWorm) designed to compromise developer environments. The campaign demonstrates ongoing abuse of open-source package registries as attack vectors.
Indicators of Compromise
- malware — GlassWorm
Entities
- GlassWorm (campaign)
- VS Code (product)
- Open VSX (technology)