73 Counterfeit VS Code Extensions Found Harboring GlassWorm Malware

Introduction: Developer Toolchains Become a New Attack Battleground

Cybersecurity researchers have recently flagged 73 Microsoft Visual Studio Code (VS Code) extensions in the Open VSX extension repository linked to a persistent information-stealing campaign. This malicious operation, dubbed "GlassWorm," has once again thrust software supply chain security into the spotlight, reminding millions of developers worldwide that even everyday code editor plugins can become covert channels for hacker infiltration.

As one of the most popular code editors in the world, VS Code boasts a vast extension ecosystem. It is precisely this highly open ecosystem that has given attackers an opportunity to exploit. This incident demonstrates that supply chain attacks targeting developer toolchains are becoming increasingly sophisticated and scalable.

Core Findings: 73 Counterfeit Extensions and GlassWorm v2

According to security researchers, all 73 extensions discovered were "cloned versions" of legitimate popular extensions, nearly identical to the originals in name, icon, and feature descriptions, making them highly deceptive. Of these 73 extensions, six have been definitively confirmed as malicious, while the remaining extensions appear to function as "seemingly harmless" normal plugins. However, researchers noted that they also exhibit suspicious code structures and communication behaviors.

The payload delivered by these malicious extensions has been identified as "GlassWorm v2" — an upgraded version of the information-stealing malware. Compared to earlier versions, GlassWorm v2 features significant enhancements in the following areas:

• Improved stealth: Employing multi-layered obfuscation techniques, malicious code is deeply embedded within seemingly normal functional modules, making it difficult for traditional static scanning to detect
• Expanded data theft scope: Beyond browser credentials and cookies, it can also extract SSH keys, API tokens, Git configurations, and cloud service credentials from development environments
• Persistence mechanisms: Achieves persistent residence through VS Code's auto-update and extension management mechanisms, keeping malicious components active even after the user restarts the editor
• Covert C2 communications: Leverages legitimate cloud services and CDNs as command and control (C2) channels, blending malicious traffic into normal network requests

Researchers specifically noted that attackers carefully selected popular extensions with high download counts for impersonation, spanning multiple categories including code formatting tools, theme packs, and language support plugins. This "wide-net" strategy means that a large number of developers may have already installed infected extensions without their knowledge.

In-Depth Analysis: Why Supply Chain Attacks Persist

The Double-Edged Sword of Open Ecosystems

The flourishing VS Code extension ecosystem owes much to its open publishing mechanism. Whether through the official Visual Studio Marketplace or the community-driven Open VSX repository, the barrier to publishing extensions is relatively low. While this openness promotes innovation, it also provides exploitable space for malicious actors.

Compared to mobile app stores, code editor extension repositories typically have more lenient review mechanisms. Attackers need only clone a legitimate extension's source code, inject a malicious payload, and republish it under a similar name to easily bypass basic review processes.

AI Accelerating Malware Evolution

Notably, security analysts performing reverse engineering on GlassWorm v2's code found that some obfuscated code and social engineering strategies exhibited characteristics of AI-assisted generation. This suggests that attackers may be leveraging large language models (LLMs) to accelerate malware development and iteration, enabling them to generate variants more rapidly to evade detection.

This trend is concerning — while AI technology lowers the barrier to security defense, it is simultaneously lowering the technical barrier to cyberattacks. Malicious actors can use AI tools to mass-produce counterfeit extensions, automate code obfuscation, and even generate more convincing fake descriptions and documentation.

Weak Links in Developer Security Awareness

Compared to the vigilance ordinary users exercise when downloading software, developers tend to be more "casual" when installing IDE extensions. Many developers habitually search for and install extensions quickly based on functional needs, rarely verifying publisher identities, inspecting source code, or comparing against official versions. This trust inertia is precisely the psychological weakness attackers exploit.

More critically, the density of sensitive information stored in development environments far exceeds that of ordinary endpoints — from database passwords to cloud platform credentials, from private repository access tokens to production environment deployment keys. Once leaked, these could trigger cascading security incidents.

Recommendations: Multi-Layered Defenses Are Essential

In response to the GlassWorm incident, security experts have offered the following protective recommendations:

1. Strictly verify extension sources: Before installing extensions, always verify the publisher's identity, prioritize officially certified extensions, and compare download counts and publication dates
2. Principle of least privilege: Regularly review permissions of installed extensions and uninstall those no longer in use or of unknown origin
3. Environment isolation: Strictly isolate development environments from production credentials and avoid storing sensitive tokens directly in IDE configurations
4. Network monitoring: Deploy Endpoint Detection and Response (EDR) tools to monitor anomalous network connection behavior from VS Code processes
5. Enterprise-level controls: Organizations should establish extension whitelisting policies and restrict employees from installing unapproved plugins through unified extension management strategies

Outlook: Extension Ecosystem Security Governance Urgently Needs an Upgrade

The GlassWorm v2 incident is far from an isolated case. From npm package poisoning to malicious PyPI libraries, from Chrome extension hijacking to VS Code plugin impersonation, software supply chain attacks have formed a complete "gray industry chain." With the proliferation of AI technology, the scale and frequency of such attacks are expected to escalate further.

At the industry level, extension repository platforms urgently need to introduce stronger identity verification mechanisms, automated malicious code scanning, and community-driven reputation systems. Microsoft and the Open VSX community have begun strengthening their review processes, but in the face of increasingly sophisticated attack techniques, passive defense on the platform side alone is far from sufficient.

In the future, AI-based real-time behavioral analysis, transparent audit mechanisms for extension code, and the comprehensive promotion of developer security education will become the three pillars for building a trustworthy extension ecosystem. Finding a balance between openness and security is both a technical challenge and a proposition the entire developer community must confront together.