GlassWorm sleeper extensions activate on Open VSX
Roughly 40 malicious VS Code extensions surfaced March 14-18, 2026: 20+ new extensions, ~20 previously dormant sleepers activated, plus 11 extensionPack droppers. The campaign hosts VSIX payloads on attacker-controlled GitHub releases to evade registry takedowns. Publishing accounts: laura6909, martina0094, chiara585, francesca898.
- Threat actor
- GlassWorm operators
- Detected by
- Socket
- Also known as
- GlassWorm · GlassWorm Sleeper Wave
- Ecosystems
- Open VSX
- Packages tracked
- 2
What happened
The GlassWorm operators ran a coordinated activation wave on Open VSX between 2026-03-12 and 2026-03-18. Roughly 40 extensions are implicated:
- ~20 net-new malicious extensions impersonating popular tooling
- ~20 previously dormant sleeper extensions whose updates flipped them from clean to malicious
- 11
extensionPackdroppers that transitively pull in a loader
Sleepers like lauracode.wrap-selected-code (0.0.2) and 96-studio.json-formatter (0.0.2 / 0.0.4) were published clean on 2026-03-12, then mutated into extension packs on 2026-03-17 and weaponised on 2026-03-18. This pattern defeats install-time scanning because the offending versions only become malicious well after the user has installed and trusted the extension.
VSIX payloads are hosted on attacker-controlled GitHub releases — for example github.com/chiara585/fwefwewvwfe/releases/download/dqdwd/qwdfewfqzxv.vsix and github.com/francesca898/dqwffqw/releases/download/vsx/autoimport-smart-tool-2.5.8.vsix — keeping the malware reachable even after Open VSX takedowns. The loader retains GlassWorm tradecraft: RC4 string decryption, a 48-hour persistence cooldown, Russian-locale geofencing, and Solana-memo C2 against wallet 6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ.
Socket flagged each new publication within minutes, but the volume and reuse of fresh publisher accounts (laura6909, martina0094, chiara585, francesca898) demonstrate that registry-side moderation alone cannot keep up.
Affected packages (2)
- Open VSX
96-studio.json-formatter0.0.20.0.4 - Open VSX
lauracode.wrap-selected-code0.0.2
Impact
- Developer machines compromised through extension impersonation of popular tools
- Sleeper pattern (publish clean, switch to malicious later) defeats install-time scanning
- GitHub release URLs used as resilient payload hosting
What to do
- 1Audit Open VSX installations; remove extensions from accounts
laura6909,martina0094,chiara585,francesca898 - 2Pin extension versions in dev container configs
- 3Block egress to attacker GitHub release paths (
github.com/chiara585/*,github.com/francesca898/*)