GlassWorm Squashed: Open VSX Triumphs Over Malicious Extensions Scare

GlassWorm campaign targeting Visual Studio developers with malware-filled VS Code extensions has been contained, says Open VSX team. The extensions, downloaded nearly 36,000 times, were hidden with Unicode trickery. Fortunately, Open VSX flushed the worms out, revoking exposed tokens, and tightening security.

3P
Published: October 31, 2025 12:28 pmAdded: October 31, 2025 at 5:47 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Well, this is one worm that managed to slither its way into the wrong extensions! Looks like the Open VSX team had to play pest control and squash the GlassWorm before it set up a cozy little home in developers’ systems. What’s next, malware in our coffee machines?

Key Points:

– **GlassWorm campaign targeted VS Code developers through the Open VSX marketplace.**
– **Extensions were downloaded nearly 36,000 times, though not all were legitimate downloads.**
– **GlassWorm could steal credentials, drain crypto wallets, and install remote access tools.**
– **Open VSX team fully contained the threat and improved security measures.**
– **Enhanced scanning and token management are now in place to prevent future incidents.**

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?