
GlassWorm
Supply-chain campaign activating 73 dormant OpenVSX VS Code extensions as malicious on 27 April 2026.
Last refreshed: 30 April 2026
Are the dormant VS Code extensions sitting on your developers' laptops a sleeper supply-chain risk?
Timeline for GlassWorm
Mentioned in:
- UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
- Cybersecurity: Threats and Defences: Turned 73 dormant OpenVSX VS Code extensions malicious via staged updates
- Cybersecurity: Threats and Defences: Three supply-chain hits in thirteen days

- How do I check if my VS Code extensions were compromised by GlassWorm?
- Review installed extensions published via OpenVSX that received updates around 27 April 2026. Check changelogs for unexpected functionality. Audit dormant extensions with large install bases — those were GlassWorm's specific target profile.
  Source: Bleeping Computer
- Why did GlassWorm target OpenVSX rather than the Microsoft VS Code Marketplace?
- OpenVSX is used by developers running open-source IDEs and by organisations with air-gapped VS Code deployments that avoid Microsoft-controlled infrastructure. These environments often apply less scrutiny to extension updates, making the attack surface more attractive.
- What access does a malicious VS Code extension have to a developer's system?
- A VS Code extension runs with the same permissions as the developer: it can read all accessible files, execute terminal commands, access environment variables and stored credentials, and make network connections. A compromised extension provides full lateral-movement capability from the workstation.
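The audit described in the first answer (OpenVSX extensions that sat dormant and then received an update around 27 April 2026, with large install bases first) can be turned into a repeatable triage step. The script below is an added example written for this page, not code from the original page, from OpenVSX or from any reporting on GlassWorm. Everything in it is an assumption or a construction: the record layout (id, registry, previous_update, latest_update, installs) is invented for the example and is not the OpenVSX or VS Code schema, the inventory records and publisher names are constructed, and the thresholds for "around" the activation date, "dormant" and "large install base" are values chosen here, not figures from the page.

```python
"""Added example (not from the original page): flag installed VS Code / VSCodium
extensions that match GlassWorm's target profile, i.e. OpenVSX extensions that
were dormant for a long time and then received an update in the activation
window around 27 April 2026.

Assumptions, labelled: the ExtensionRecord layout is constructed for this example
and is NOT OpenVSX's or VS Code's own schema; the sample inventory is constructed;
the three thresholds below are choices for the example, not figures from the page.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Activation date reported for the campaign; the window around it is an assumption.
ACTIVATION_DATE = date(2026, 4, 27)
WINDOW_DAYS = 3              # flag updates within +/- 3 days of activation (assumption)
DORMANCY_DAYS = 180          # "dormant" = no release for at least this long (assumption)
LARGE_INSTALL_BASE = 10_000  # "large install base" threshold (assumption)


@dataclass(frozen=True)
class ExtensionRecord:
    id: str                 # publisher.name
    registry: str           # "openvsx" or "ms-marketplace" (constructed labels)
    previous_update: date   # release date of the version before the installed one
    latest_update: date     # release date of the version currently installed
    installs: int


@dataclass(frozen=True)
class Finding:
    id: str
    reason: str
    dormant_days: int


def in_activation_window(d: date, centre: date = ACTIVATION_DATE, days: int = WINDOW_DAYS) -> bool:
    """True when d falls within +/- days of the activation date."""
    return abs((d - centre).days) <= days


def dormancy(rec: ExtensionRecord) -> int:
    """Days the extension went without a release before its latest update."""
    return (rec.latest_update - rec.previous_update).days


def audit(records: list[ExtensionRecord]) -> list[Finding]:
    """Return findings ordered by how closely each record matches the profile.

    A record is flagged when it comes from OpenVSX and its latest update lands
    inside the activation window. The reason string separates the full profile
    (dormant + large install base) from partial matches so changelog review
    can be prioritised; non-OpenVSX records are skipped because the page
    scopes the campaign to OpenVSX.
    """
    findings: list[Finding] = []
    for rec in records:
        if rec.registry != "openvsx" or not in_activation_window(rec.latest_update):
            continue
        days = dormancy(rec)
        if days >= DORMANCY_DAYS and rec.installs >= LARGE_INSTALL_BASE:
            reason = "full profile: dormant, large install base, updated in window"
        elif days >= DORMANCY_DAYS:
            reason = "dormant extension updated in window"
        else:
            reason = "updated in window (not dormant)"
        findings.append(Finding(rec.id, reason, days))
    # Full-profile matches first, then by longest dormancy.
    findings.sort(key=lambda f: (not f.reason.startswith("full"), -f.dormant_days))
    return findings


# Constructed sample inventory; publisher and extension names are invented.
SAMPLE_INVENTORY = [
    ExtensionRecord("examplepub.yaml-helper", "openvsx", date(2025, 3, 2), date(2026, 4, 27), 42_000),
    ExtensionRecord("examplepub.theme-dusk", "openvsx", date(2025, 9, 14), date(2026, 4, 28), 800),
    ExtensionRecord("examplepub.git-lens-lite", "openvsx", date(2026, 4, 10), date(2026, 4, 26), 55_000),
    ExtensionRecord("examplepub.py-format", "openvsx", date(2025, 1, 20), date(2026, 2, 1), 120_000),
    ExtensionRecord("examplepub.ms-only", "ms-marketplace", date(2025, 2, 1), date(2026, 4, 27), 90_000),
]


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.id:32} dormant {f.dormant_days:4d}d  {f.reason}")
```

On a real workstation the record list would be built from the local inventory (for example the identifiers and versions that `code --list-extensions --show-versions` prints) joined with release dates and install counts taken from the registry; the script deliberately keeps that lookup out so it runs offline. Anything it flags is a candidate for the changelog review the answer above calls for, not a verdict: a legitimate maintainer can also ship a release after a long gap.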
Background
GlassWorm is the designation for a supply-chain attack campaign that staged updates to 73 dormant Visual Studio Code extensions on the OpenVSX registry, turning them simultaneously malicious on 27 April 2026. The attack exploited extensions that had been published to OpenVSX and acquired an install base, then sat unused for an extended period before the attackers pushed a malicious update to activate their payload across every instance already installed.
The choice of OpenVSX rather than the primary Microsoft VS Code Marketplace is operationally significant. OpenVSX is used by developers in open-source IDEs including VSCodium and Eclipse Theia, and by organisations that operate air-gapped or self-hosted VS Code deployments. The attack reaches precisely the environments that chose OpenVSX as a privacy-preserving or sovereignty alternative to Microsoft-controlled distribution. Dormant extensions — those with an install base but no recent updates — are a known weak spot because users rarely audit extensions that have been running quietly for months.
GlassWorm arrived as the second in a cluster of three supply-chain attacks in thirteen days alongside TeamPCP (SAP npm packages) and a PyPI infostealer. A malicious extension on a developer laptop has access to every file the developer can read, every terminal session they open, and every credential stored in the IDE's secret management — a full lateral-movement capability from the developer's workstation.