GlassWorm Hackers Unleash New ‘Sleeper’ Extensions on Open VSX Platform


Malicious Extensions Spreading on Open VSX Platform

Researchers have identified a new wave of malicious extensions on the Open VSX platform, which have been linked to the ongoing Glassworm campaign.

  • A total of 73 extensions have been found to incorporate seemingly benign code into their manifest files.
  • These “sleeper” extensions remain dormant until they are activated, at which point they begin to deliver malware to unsuspecting users.
  • The Glassworm campaign, which originated in October 2025, targets the Microsoft Visual Studio Code (VS Code) extension ecosystem.
  • Its primary goal is to exfiltrate sensitive information, including login credentials, Open VSX, GitHub, and cryptocurrency wallet details.
  • This stolen data enables the attackers to propagate the malware further by publishing additional infected extensions.

According to the research team, the extension’s source code alone no longer accurately represents its behavior. By moving critical logic outside of what typical scanning tools can detect and spreading it across multiple delivery mechanisms, the threat actor significantly increases the likelihood of evading detection.

Six specific extensions have been confirmed to be malicious, including ones impersonating the Monochromator theme, AutoAntigravity, IronPLC, VS Code Pets, HTML-validate, and Version Lens.

  • In some cases, the attackers added new extensionPack or extensionDependencies manifest fields that caused the extension to automatically install another malicious extension as a dependency.
  • To mitigate this threat, developers are advised to review manifest diffs for new extensionPack and extensionDependencies additions.
  • They should also inspect the extension’s update/install chains, rather than solely focusing on the code itself.
  • Developers should watch for potential sleeper extensions that appear benign but may receive malicious updates in the future, checking for signs of impersonation such as a low install count or an incorrect publisher name.
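
One way to automate the manifest-diff review recommended above, as an added example that is not code from the researchers or from Open VSX: it reads `extension/package.json` out of two versions of a `.vsix` archive and reports any extension IDs newly added to `extensionPack` or `extensionDependencies`. The publisher and extension names in the sample data are constructed placeholders.

```python
import io
import json
import zipfile

# Manifest fields that make the editor install other extensions automatically.
CHAIN_FIELDS = ("extensionPack", "extensionDependencies")


def read_manifest(vsix_bytes):
    """Return the parsed package.json from a .vsix archive (a zip file)."""
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as archive:
        return json.loads(archive.read("extension/package.json"))


def added_chain_entries(old_manifest, new_manifest):
    """Map each chain field to the extension IDs the new version adds."""
    findings = {}
    for field in CHAIN_FIELDS:
        # VS Code compares extension IDs case-insensitively, so lower-case them.
        old = {str(i).lower() for i in old_manifest.get(field) or []}
        new = {str(i).lower() for i in new_manifest.get(field) or []}
        added = sorted(new - old)
        if added:
            findings[field] = added
    return findings


def make_vsix(manifest):
    """Build a minimal in-memory .vsix for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("extension/package.json", json.dumps(manifest))
    return buf.getvalue()


# Constructed sample data: publisher and extension names are placeholders.
OLD_VSIX = make_vsix({"name": "example-theme", "publisher": "example-pub",
                      "version": "1.0.0"})
NEW_VSIX = make_vsix({"name": "example-theme", "publisher": "example-pub",
                      "version": "1.0.1",
                      "extensionDependencies": ["Other-Pub.helper-tool"]})

if __name__ == "__main__":
    report = added_chain_entries(read_manifest(OLD_VSIX), read_manifest(NEW_VSIX))
    for field, ids in report.items():
        print(f"{field}: new entries {ids} - review before updating")
```

Each ID it reports should itself be checked the same way, since the installed dependency is where the payload arrives in the chains described above.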


