Malicious package | Image: Socket
The threat actor known as GlassWorm has significantly escalated its operations, pivoting from simple malicious listings to a complex, transitive delivery model within the Open VSX extension marketplace. According to a new report from the Socket Research Team, the group is now leveraging extension dependencies to turn benign-looking tools into delivery vehicles for a sophisticated backdoor.
The hallmark of this latest campaign is a “bait-and-switch” tactic. Instead of embedding a malicious loader directly into every extension, GlassWorm now utilizes Extension Packs and Extension Dependencies.
Initially, a package like otoboss.autoimport-extension may appear harmless. A later update then declares a separate, GlassWorm-linked extension such as federicanc.dotenv-syntax-highlighting as a dependency or pack member, and VS Code installs that extension automatically when the update is applied. This lets the threat actor pass a one-time security review with clean code and pull in the malicious component only after the user's trust has been established.
As the researchers at Socket noted:
“The threat actor is now abusing extension Pack and extension Dependencies to turn initially standalone-looking extensions into transitive delivery vehicles in later updates, allowing a benign-appearing package to begin pulling a separate GlassWorm-linked extension only after trust has already been established.”
On the technical side, GlassWorm continues to refine its core tradecraft to evade automated detection. The malware uses a staged execution model gated on Russian locale and timezone checks, so the payload activates only on the intended targets and stays dormant on analysts' machines in other regions.
One of the more innovative aspects of the campaign is the use of Solana transaction memos as “dead drops”. By embedding command data in the memo field of blockchain transactions, the attackers can distribute instructions to the botnet without a conventional C2 server that defenders could flag, block or take down; the ledger is public and cannot be seized the way a rented server can.
The final payload, identified in extensions like aadarkcode.one-dark-material, is a high-risk remote code execution (RCE) backdoor. The loader is heavily obfuscated and retrieves follow-on code from the network, which is then decoded and executed in memory, leaving little on disk for file-based scanning to find.
“The code also includes environment and locale/time gating (anti-analysis/geo-fencing) and silent error suppression. These characteristics constitute a remote code execution backdoor in the extension host and are unacceptable for a trusted editor extension.”
Because the fetched code runs with full Node.js capabilities in scope (require, process and Buffer among them), it can load any module, spawn processes, read and write files and open network connections with the developer's own privileges; in practice the attacker has total control over the developer's environment.
Remediation and Defense:
- Immediate Removal: If any version of the identified malicious extensions has been installed, remove it immediately and perform a full compromise analysis of the host. The loader ran with the developer's own privileges, so credentials, tokens and keys reachable from that machine should be treated as exposed.
- Audit Extension Dependencies: Before installing a VS Code or Open VSX extension, examine its “Extension Pack” and “Extension Dependencies” lists for unrecognized or suspicious packages, and repeat the check on updates: in this campaign the pull-in was introduced by a later version, not by the version first reviewed.
- Monitor Extension Host Activity: Use security tools that can flag heavy obfuscation or runtime eval calls within the VS Code extension host process.