# 73 Fake VS Code Extensions Weaponized to Spread GlassWorm v2 Information Stealer


Cybersecurity researchers have identified a significant supply chain attack targeting developers through the Open VSX marketplace, uncovering a cluster of 73 malicious or cloned Visual Studio Code extensions linked to the persistent GlassWorm information-stealing campaign. Six extensions have been confirmed as actively malicious, while the remainder appear designed to establish footholds within developer environments and build credibility for future attacks.


The discovery represents a growing threat to the software development supply chain, where attackers exploit the trust developers place in community extension repositories to distribute sophisticated malware capable of harvesting credentials, source code, and sensitive project data.


## The Threat


The attack centers on GlassWorm v2, an evolved variant of a known information stealer that has been actively targeting developers and organizations for extended periods. The malware is designed to exfiltrate:


  • Authentication credentials (API keys, OAuth tokens, SSH keys)
  • Source code repositories and project files
  • Environment variables containing sensitive configuration
  • Browser history and passwords stored in popular browsers
  • Git credentials used for repository access
  • Development tool configurations containing deployment credentials

    • The fake extensions are distributed under names closely mimicking legitimate, popular tools. By cloning names and descriptions of genuine VS Code extensions, the attackers exploit the difficulty users face in distinguishing trustworthy packages from imposters—particularly in crowded categories where dozens of similar extensions exist.


    ## Background and Context


    ### The VS Code Extension Ecosystem Risk


    Visual Studio Code's extension marketplace has become an increasingly attractive target for supply chain attackers. The reasons are straightforward:


  • Developer access: Extensions execute within the VS Code environment, granting access to all open files, terminals, and environment variables
  • Trust implicit: Developers assume extensions in official marketplaces have been vetted
  • Lower barrier to entry: Creating and publishing extensions requires minimal authentication
  • Persistence: Once installed, extensions persist across VS Code sessions

    • Open VSX—a community-maintained open-source alternative to the official VS Code Marketplace—lacks the vetting rigor of Microsoft's marketplace, making it an attractive distribution vector for attackers.


    ### GlassWorm History


    GlassWorm emerged as a targeted information stealer focused on developers and technology professionals. Earlier variants were distributed through:


  • Compromised build tools
  • Malicious npm packages
  • Browser extension marketplaces
  • Fake development software

    • The v2 iteration shows increased sophistication, with improved evasion techniques, modular architecture, and expanded data exfiltration capabilities. The shift to spoofing legitimate VS Code extensions represents a strategic pivot to exploit the friction-free installation model of extension marketplaces.


    ## Technical Details


    ### Attack Mechanics


    The infection chain unfolds in several stages:


    1. Discovery and Installation

    Users searching for legitimate extensions (e.g., "prettier formatter," "eslint," "docker") encounter fake extensions with names like "prettier-formatter-pro" or "eslint-engine." The extensions carry authentic-looking descriptions and download counts inflated through coordinated accounts.


    2. Initial Execution

    Upon installation, the extension's activation script executes within VS Code's extension host process. Unlike regular user code, extension code operates with elevated privileges and filesystem access.


    3. Credential Harvesting

    The malware immediately begins scanning for credentials:

  • Reads SSH key files from ~/.ssh/
  • Retrieves git configuration from ~/.git-credentials and .gitconfig
  • Extracts VS Code stored secrets and authentication tokens
  • Searches environment variables loaded in integrated terminals

    • 4. Data Exfiltration

    Harvested data is encrypted and transmitted to attacker-controlled command-and-control (C2) infrastructure, designed to avoid detection through:

  • HTTPS encryption
  • Randomized beacon intervals
  • Domain generation algorithms (DGA) for C2 resilience

    • 5. Persistence and Lateral Movement

    Some variants establish persistence through:

  • Modification of VS Code user settings to auto-load malicious extensions
  • Injection of malicious configurations into settings.json
  • Cloning of target repositories to identify organization structure

    • ### The Clone Network


    Analysis reveals a coordinated operation with clear hallmarks of sophistication:


    | Indicator | Finding |

    |-----------|---------|

    | Total extensions | 73 identified |

    | Confirmed malicious | 6 (active payload delivery) |

    | Dormant variants | 67 (awaiting activation or serving as credibility fakes) |

    | Registration pattern | Created in coordinated waves with slight time spacing |

    | Author accounts | Varied email addresses, possibly using compromised accounts |

    | Update frequency | Irregular, suggesting manual staging |


    ## Implications for Organizations


    ### Developer Targeting as Corporate Risk


    Developers are high-value targets because they control:


  • Repository access to proprietary source code
  • Deployment credentials for production environments
  • API keys for third-party integrations
  • Infrastructure access via cloud provider tokens

    • A single compromised developer account can grant attackers direct access to an organization's crown jewels. In the context of 73 fake extensions, the potential impact scales to hundreds or thousands of installations.


    ### Supply Chain Amplification


    Unlike traditional malware targeting end-users, developer-focused attacks have multiplier effects:


  • Compromised packages: An attacker with a developer's credentials could publish malicious code to legitimate repositories
  • Internal tools: Internal-only packages and private repositories become accessible
  • Downstream consumers: Organizations using repositories maintained by compromised developers face cascading risk

    • ### Estimated Exposure


    While download statistics for the fake extensions were not disclosed in security reports, even modest adoption (hundreds to thousands of installations) represents significant exposure across the enterprise software sector.


    ## Recommendations


    ### For Individual Developers


    1. Audit installed extensions immediately

    - Review the Extensions panel in VS Code

    - Cross-reference with official documentation or the Microsoft Marketplace

    - Remove any unfamiliar or suspicious extensions


    2. Rotate credentials if uncertain about infection timeline

    - Change passwords for critical accounts (GitHub, GitLab, Azure DevOps)

    - Rotate API keys and OAuth tokens

    - Regenerate SSH keys used in development workflows


    3. Review Git history on personal and corporate repositories

    - Look for unexpected commits or unauthorized access

    - Check git logs for unusual activity during periods when malicious extensions may have been active


    4. Enable two-factor authentication (2FA) on:

    - GitHub, GitLab, and other repository platforms

    - Cloud provider accounts (AWS, Azure, GCP)

    - Email accounts linked to development tooling


    ### For Organizations


    1. Establish extension governance

    - Maintain a curated allowlist of approved VS Code extensions

    - Deploy VS Code via organizational settings with restricted extension policies

    - Use Microsoft's managed extension marketplaces where available


    2. Monitor developer environments

    - Implement endpoint detection and response (EDR) on developer workstations

    - Log and monitor VS Code installation directories for unauthorized changes

    - Alert on credential access from unusual processes


    3. Incident response

    - Assume compromised developers may have exfiltrated credentials

    - Rotate all credentials potentially accessible to affected developers

    - Audit repository access logs and deployment histories

    - Review source code for injected malicious changes


    4. Supply chain visibility

    - Audit all third-party extensions used across the organization

    - Establish software composition analysis (SCA) tooling to track dependencies

    - Conduct periodic reviews of development tooling security


    ### For Extension Repository Maintainers


  • Implement stronger verification processes for extension publishers
  • Require cryptographic signing of extension updates
  • Flag extensions with suspicious naming patterns or download anomalies
  • Expand automated malware scanning coverage

    • ## Conclusion


    The GlassWorm v2 campaign represents a maturation of supply chain attacks targeting the development community. By weaponizing the trust placed in extension marketplaces, attackers have identified a high-friction-low-trust vector that bypasses many organizational security controls. The discovery of 73 fake extensions underscores the need for developers and organizations to treat extension management with the same rigor applied to production dependencies and access controls.


    Immediate action to audit, rotate credentials, and establish extension governance is critical to limiting exposure from this campaign and similar future attacks.