GlassWorm Strikes Again: Malware Infects VS Code Extensions with Invisible Attacks

GlassWorm malware is back from its brief vacation, now infecting VS Code extensions via Open VSX and GitHub. Just when developers thought it was safe, this sneaky malware returns, using AI-generated commits and invisible Unicode to hide its tracks. It’s like the malware version of a bad penny, always turning up!

3P
Published: November 10, 2025 9:17 pmAdded: November 10, 2025 at 1:23 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

GlassWorm is back and it’s more slippery than a greased-up pig at a county fair! This malware is making its rounds through Open VSX and GitHub like it’s on a world tour, infecting VS Code extensions with the finesse of a ninja. If you’re a developer, you might want to double-check your extensions before they start whispering your secrets to the dark web. Who knew coding could be this edgy?

Key Points:

  • GlassWorm malware has emerged again, targeting Open VSX and GitHub.
  • Three additional VS Code extensions have been infected, totaling 10,000 downloads.
  • Solana blockchain transactions are used to update command and control (C2) addresses.
  • Invisible Unicode malware is used to conceal malicious activities.
  • The malware operates on a global scale, affecting critical infrastructure.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?