
GlassWorm
Supply-chain campaign activating 73 dormant OpenVSX VS Code extensions as malicious on 27 April 2026.
Last refreshed: 30 April 2026 · Appears in 1 active topic
Are the dormant VS Code extensions sitting on your developers' laptops a sleeper supply-chain risk?
Timeline for GlassWorm
Mentioned in: One in six infections beats the drug
Pandemics and BiosecurityMentioned in: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
Cybersecurity: Threats and DefencesTurned 73 dormant OpenVSX VS Code extensions malicious via staged updates
Cybersecurity: Threats and Defences: Three supply-chain hits in thirteen daysHow do I check if my VS Code extensions were compromised by GlassWorm?
Why did GlassWorm target OpenVSX rather than the Microsoft VS Code Marketplace?
What access does a malicious VS Code extension have to a developer's system?
Background
GlassWorm is the designation for a supply-chain attack campaign that staged updates to 73 dormant Visual Studio Code extensions on the OpenVSX registry, turning them simultaneously malicious on 27 April 2026. The attack exploited extensions that had been published to OpenVSX and acquired an install base, then sat unused for an extended period before the attackers pushed a malicious update to activate their payload across every instance already installed.
The choice of OpenVSX rather than the primary Microsoft VS Code Marketplace is operationally significant. OpenVSX is used by developers in open-source IDEs including VSCodium and Eclipse Theia, and by organisations that operate air-gapped or self-hosted VS Code deployments. The attack reaches precisely the environments that chose OpenVSX as a privacy-preserving or sovereignty alternative to Microsoft-controlled distribution. Dormant extensions — those with an install base but no recent updates — are a known weak spot because users rarely audit extensions that have been running quietly for months.
GlassWorm arrived as the second in a cluster of three supply-chain attacks in thirteen days alongside TeamPCP (SAP npm packages) and a PyPI infostealer. A malicious extension on a developer laptop has access to every file the developer can read, every terminal session they open, and every credential stored in the IDE's secret management — a full lateral-movement capability from the developer's workstation.