Executive Summary
In early 2024, a new wave of the Glassworm malware campaign was discovered infiltrating the Microsoft Visual Studio Code and OpenVSX marketplaces with 24 malicious packages. These supply-chain attacks targeted software developers by masquerading as legitimate extensions, but upon installation delivered trojans capable of stealing sensitive files, authentication tokens, and establishing persistence for command-and-control activities. The campaign began in October 2023, with this third and most extensive wave compromising both trusted VS Code ecosystems and potentially impacting thousands who unknowingly downloaded tainted packages. The threat actors have not been formally attributed but demonstrated sophisticated understanding of both developer environments and software supply chains.
This incident is a striking example of the increasing shift toward attacking upstream dependencies, leveraging trusted developer tools to gain footholds deeper in organizations. With open-source and third-party marketplaces under continuous attack, businesses face growing pressure to implement better package vetting and monitoring along with zero-trust segmentation and detection capabilities.
Why This Matters Now
Supply-chain attacks leveraging widely used developer tools such as VS Code put the entire software development lifecycle at risk, making it urgent for organizations to enhance controls around trust, visibility, and anomaly detection. Glassworm’s recurring waves highlight how quickly attackers adapt, necessitating continuous vigilance and updated defense strategies.
Attack Path Analysis
The attacker initiated compromise via malicious Visual Studio Code extensions distributed through supply-chain repositories. Upon installation, the malware possibly escalated privileges to gain deeper access within the developer or CI/CD environment. The adversary then maneuvered laterally across internal systems or containers, leveraging east-west access. Remote command and control channels were established using outbound network connectivity. Data and secrets were potentially exfiltrated to attacker-controlled infrastructures. Finally, the campaign posed business risks by enabling backdoor persistence or platform manipulation.
Kill Chain Progression
Initial Compromise
Description
A malicious VS Code marketplace package is installed on a developer or build system, allowing the attacker code execution within the environment.
Related CVEs
CVE-2025-22230
CVSS 9A vulnerability in Visual Studio Code extensions allows attackers to inject malicious code using invisible Unicode characters, leading to unauthorized access and data exfiltration.
Affected Products:
Microsoft Visual Studio Code – 1.60.0 to 1.65.0
Exploit Status:
exploited in the wildReferences:
https://www.rescana.com/post/glassworm-supply-chain-attack-self-spreading-malware-infects-visual-studio-code-vs-code-extensionhttps://www.anomali.com/blog/anomali-cyber-watch-robot-malware-suite-glassworm-vidar-stealer-2-0https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Dependencies and Development Tools
Application Layer Protocol: Web Protocols
Command and Scripting Interpreter
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Impair Defenses: Disable or Modify Tools
System Information Discovery
Obfuscated Files or Information
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Security of System Components and Software
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Third-party Risk Management
Control ID: Article 10
CISA ZTMM 2.0 – Continuous Validation of Software Supply Chain
Control ID: Pillar: Supply Chain Risk, Practice: Continuous Validation
NIS2 Directive – Supply Chain Security Measures
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical supply-chain exposure through compromised VS Code packages targeting developers, requiring enhanced egress security and threat detection for development environments.
Information Technology/IT
High risk from Glassworm malware infiltrating development toolchains, necessitating zero trust segmentation and multicloud visibility for IT infrastructure protection.
Financial Services
Severe threat to regulated environments using VS Code development tools, demanding encrypted traffic controls and anomaly detection to prevent data exfiltration.
Health Care / Life Sciences
Significant compliance risk from compromised development packages, requiring inline IPS protection and kubernetes security for HIPAA-regulated application development environments.
Sources
- Glassworm malware returns in third wave of malicious VS Code packageshttps://www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/Verified
- GlassWorm Supply Chain Attack: Self-Spreading Malware Infects Visual Studio Code (VS Code) Extensions via OpenVSX and Microsoft Marketplacehttps://www.rescana.com/post/glassworm-supply-chain-attack-self-spreading-malware-infects-visual-studio-code-vs-code-extensionVerified
- Anomali Cyber Watch: 'ROBOT' Malware Suite, GlassWorm, Vidar Stealer 2.0, and Morehttps://www.anomali.com/blog/anomali-cyber-watch-robot-malware-suite-glassworm-vidar-stealer-2-0Verified
- GlassWorm malware returns on OpenVSX with 3 new VSCode extensionshttps://www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Applying Zero Trust segmentation, granular egress controls, and continuous threat detection would have contained the infection to initial hosts, limited privilege abuse, detected suspicious east-west or outbound traffic, and prevented or alerted on attempted exfiltration or abuse of the developer environment.
Control: Threat Detection & Anomaly Response
Mitigation: Suspicious process or package installation is rapidly detected for response.
Control: Zero Trust Segmentation
Mitigation: Limits potential access abuse by enforcing least privilege policies.
Control: East-West Traffic Security
Mitigation: Blocks unauthorized internal communication paths for malware propagation.
Control: Egress Security & Policy Enforcement
Mitigation: Unauthorized or suspicious outbound traffic is blocked or closely monitored.
Control: Cloud Firewall (ACF)
Mitigation: Exfiltration attempts can be blocked or logged for investigation.
Cross-cloud enforcement and real-time controls limit scope and persistence of attacker tooling.
Impact at a Glance
Affected Business Functions
- Software Development
- IT Security
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of developer credentials, including GitHub, npm, and OpenVSX tokens, as well as cryptocurrency wallet data from 49 different extensions.
Recommended Actions
Key Takeaways & Next Steps
- • Enforce Zero Trust segmentation and identity-based policies to prevent lateral movement between workloads and users.
- • Deploy real-time anomaly detection to rapidly identify installation of unapproved packages and suspicious process behavior.
- • Implement strict egress filtering and FQDN allow listing to block unauthorized outbound connections and C2 traffic.
- • Apply application- and namespace-level controls in Kubernetes or containerized environments to limit attacker access and data exfiltration paths.
- • Continuously monitor and audit cloud network flows and enforce distributed inline policies across all environments for proactive response.
