Cybersecurity researchers have flagged 73 fake Microsoft Visual Studio Code extensions on the Open VSX repository that were linked to the GlassWorm information-stealing campaign, with six confirmed as malicious and the rest used as sleeper packages.
KEY FACTS
- Scope: 73 cloned extensions were identified, and six were confirmed malicious.
- Timing: All of the packages were published at the start of the month.
- Method: The sleepers copied the names, icons and descriptions of legitimate extensions to build trust.
- Impact: The payload can spread to multiple IDEs, including VS Code, Cursor, Windsurf and VSCodium.
The technical analysis by Socket said the cluster is part of GlassWorm v2, a campaign it has tracked since December 21, 2025. The report said more than 320 artifacts have been identified in total.
The cloned packages used typosquatted names and the same visual branding as legitimate extensions in an effort to lure developers into installing them. In some cases, the sleeper package later delivered a malicious update, turning a seemingly harmless extension into a loader for malware.
The disclosure said the current campaign uses obfuscated JavaScript and a VSIX payload retrieved from GitHub. Once activated, the loader can install the extension across every compatible IDE on the system using the --install-extension command.
The end goal remains credential theft, remote access and the stealth installation of a rogue Chromium-based extension. The report also said the malware avoids Russian systems.
WHY IT MATTERS
The campaign shows how extension marketplaces can be abused to build trust before delivering malicious code. Developers and organizations that rely on IDE plugins may need to review extension sources more closely and monitor for unexpected updates.
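One way to run that review, as an added example that is not from Socket's report: the script below audits the text printed by VS Code's --list-extensions --show-versions against a pinned allowlist. It flags near-miss names and version changes. The extension IDs, the baseline and the distance threshold are constructed for illustration, and the other IDEs named above are assumed to print the same listing format.

```python
# Added example: audit `code --list-extensions --show-versions` output.
# All extension IDs below are constructed sample data, not campaign indicators.

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_listing(text):
    """Parse 'publisher.name@version' lines into {id: version}."""
    installed = {}
    for line in text.splitlines():
        line = line.strip().lower()
        if "@" in line:
            ext_id, version = line.rsplit("@", 1)
            installed[ext_id] = version
    return installed

def audit(listing, baseline, max_distance=2):
    """Return findings as (kind, extension id, detail) tuples."""
    findings = []
    for ext_id, version in sorted(parse_listing(listing).items()):
        if ext_id in baseline:
            # Approved extension: a version drift is a trigger for review.
            if baseline[ext_id] != version:
                findings.append(("version-changed", ext_id, f"{baseline[ext_id]} -> {version}"))
            continue
        # Not approved: check whether it closely imitates an approved ID.
        near = [b for b in baseline if edit_distance(ext_id, b) <= max_distance]
        kind = "lookalike" if near else "unapproved"
        findings.append((kind, ext_id, ", ".join(sorted(near))))
    return findings

# Constructed baseline: approved IDs pinned to the versions that were reviewed.
BASELINE = {"acme.python-tools": "2.4.1", "acme.yaml-lint": "1.0.3"}
# Constructed listing in the `publisher.name@version` format.
SAMPLE = """acme.python-tools@2.4.1
acme.yaml-lint@1.0.4
acrne.python-tools@2.4.1
other.theme-pack@0.9.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(*finding, sep="\t")
```

A version change is not proof of compromise. It marks the update for the same review the extension received when it was first approved.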

