Feed
HighPublished 18 Mar 20262 packages · 3 versions

GlassWorm sleeper extensions activate on Open VSX

Summary

Roughly 40 malicious VS Code extensions surfaced March 14-18, 2026: 20+ new extensions, ~20 previously dormant sleepers activated, plus 11 extensionPack droppers. The campaign hosts VSIX payloads on attacker-controlled GitHub releases to evade registry takedowns. Publishing accounts: laura6909, martina0094, chiara585, francesca898.

wormobfuscationinfostealercrypto-wallet-draindormant-domain
Threat actor
GlassWorm operators
Detected by
Socket
Also known as
GlassWorm · GlassWorm Sleeper Wave
Ecosystems
Open VSX
Packages tracked
2

What happened

The GlassWorm operators ran a coordinated activation wave on Open VSX between 2026-03-12 and 2026-03-18. Roughly 40 extensions are implicated:

  • ~20 net-new malicious extensions impersonating popular tooling
  • ~20 previously dormant sleeper extensions whose updates flipped them from clean to malicious
  • 11 extensionPack droppers that transitively pull in a loader

Sleepers like lauracode.wrap-selected-code (0.0.2) and 96-studio.json-formatter (0.0.2 / 0.0.4) were published clean on 2026-03-12, then mutated into extension packs on 2026-03-17 and weaponised on 2026-03-18. This pattern defeats install-time scanning because the offending versions only become malicious well after the user has installed and trusted the extension.

VSIX payloads are hosted on attacker-controlled GitHub releases — for example github.com/chiara585/fwefwewvwfe/releases/download/dqdwd/qwdfewfqzxv.vsix and github.com/francesca898/dqwffqw/releases/download/vsx/autoimport-smart-tool-2.5.8.vsix — keeping the malware reachable even after Open VSX takedowns. The loader retains GlassWorm tradecraft: RC4 string decryption, a 48-hour persistence cooldown, Russian-locale geofencing, and Solana-memo C2 against wallet 6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ.

Socket flagged each new publication within minutes, but the volume and reuse of fresh publisher accounts (laura6909, martina0094, chiara585, francesca898) demonstrate that registry-side moderation alone cannot keep up.

Affected packages (2)

  • Open VSX96-studio.json-formatter
    0.0.20.0.4
  • Open VSXlauracode.wrap-selected-code
    0.0.2

Impact

  • Developer machines compromised through extension impersonation of popular tools
  • Sleeper pattern (publish clean, switch to malicious later) defeats install-time scanning
  • GitHub release URLs used as resilient payload hosting

What to do

  1. 1Audit Open VSX installations; remove extensions from accounts laura6909, martina0094, chiara585, francesca898
  2. 2Pin extension versions in dev container configs
  3. 3Block egress to attacker GitHub release paths (github.com/chiara585/*, github.com/francesca898/*)

References

openvsx-2026-03-18-glassworm-sleeper