Dozens of OpenVSX Extension Clone Attacks Tied to GlassWorm Malware


Over 70 Extensions on Open VSX Marketplace Likely Linked to GlassWorm Malware

In recent months, a series of malicious extensions has emerged on the Open VSX marketplace, compromising numerous repositories and stealing sensitive information.

  • According to cybersecurity researchers, more than 70 extensions published to the platform in April are suspected to be clones of legitimate extensions, designed to deploy malware on users’ machines through future updates.
  • These extensions, created by newly established GitHub accounts with generic names, exhibit a clear impersonation pattern, mirroring the legitimate extensions in terms of iconography, naming conventions, and descriptions.
  • However, upon closer inspection, the malicious extensions feature distinct identifiers and publishers, suggesting a deliberate attempt to deceive users.
  • The malware delivery mechanism employed by these extensions involves a combination of previously observed tactics, including bundling native binaries and retrieving payloads from remote locations.
  • This approach allows the threat actors to evade detection by hiding critical logic outside of traditional scanning tools and spreading it across multiple delivery channels.
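
The impersonation pattern described above (matching name, icon and description, but a different identifier and publisher) can be checked mechanically against a list of trusted extensions. The following is an added example, not code from the researchers or from Open VSX; the allowlist, publisher names and sample manifests are constructed, and the fields follow the `publisher`/`name`/`displayName` layout of an extension's package.json.

```python
import difflib
import re

# Constructed allowlist: extension IDs (publisher.name) the organisation trusts,
# mapped to the display name each is known by. All values are made up.
TRUSTED = {
    "acme-tools.pretty-format": "Pretty Format",
    "examplecorp.yaml-helper": "YAML Helper",
}

def normalize(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def similarity(a, b):
    """Ratio in [0, 1] between two normalized display names."""
    return difflib.SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def find_clones(manifests, trusted=TRUSTED, threshold=0.85):
    """Return (candidate_id, impersonated_id, score) for each manifest whose
    display name matches a trusted extension but whose ID does not."""
    findings = []
    for m in manifests:
        ext_id = f"{m['publisher']}.{m['name']}".lower()
        if ext_id in trusted:
            continue  # exact publisher.name match: the genuine extension
        for good_id, good_name in trusted.items():
            score = similarity(m.get("displayName", m["name"]), good_name)
            if score >= threshold:
                findings.append((ext_id, good_id, round(score, 2)))
    return findings

# Constructed sample manifests, as read from each extension's package.json.
SAMPLE = [
    {"publisher": "acme-tools", "name": "pretty-format", "displayName": "Pretty Format"},
    {"publisher": "dev-user-4821", "name": "pretty-format", "displayName": "Pretty Format"},
    {"publisher": "codehelper99", "name": "yaml-helpr", "displayName": "YAML  Helper"},
    {"publisher": "someone", "name": "go-snippets", "displayName": "Go Snippets"},
]

if __name__ == "__main__":
    for cand, target, score in find_clones(SAMPLE):
        print(f"{cand} looks like {target} (name similarity {score})")
```

A name match alone is only a lead for review: the publisher's account age and the extension's update history still need to be checked by hand.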

Law Enforcement Actions and Financial Losses

A researcher noted that “the compromise of numerous repositories and the potential theft of sensitive information underscore the severity of this threat.”

Specific figures regarding financial losses are not available, but law enforcement agencies have taken notice of the situation, and ongoing investigations aim to disrupt the activities of the threat actors responsible for the GlassWorm malware.

Timeline of Events

  • October 2025: Initial appearance of GlassWorm malware in the Open VSX registry.
  • November 2025: Spread of GlassWorm to other open-source software ecosystems.
  • January 2026: Re-emergence of GlassWorm, compromising over 150 repositories.
  • March 2026: Further compromise of additional repositories, leading to the discovery of the malicious extensions.
  • April 2026: Over 70 extensions suspected to be linked to GlassWorm malware are discovered on the Open VSX marketplace.

