Recent security research indicates that the GlassWorm campaign has compromised dozens of additional software packages within the Open VSX ecosystem.
GlassWorm is a campaign that first emerged last year with the goal of deploying credential-gathering components in developer environments. When a developer downloads a compromised component, the software extracts secrets and credentials. Unauthorized parties then use this access to publish modified versions of projects maintained by that developer, continuing the exposure chain. The campaign also impersonates well-known software packages, attempting to mislead developers and end users into installing an unauthorized application.
Operating primarily within Open VSX—an open-source alternative to Microsoft's Visual Studio Marketplace—GlassWorm targets more than just Microsoft and Open VSX credentials. Historically, the software has extracted NPM and Git credentials, alongside cryptocurrency wallets, macOS system data, web browser data, keychain databases, Apple Notes databases, Safari cookies, and VPN configurations.
The campaign shares conceptual similarities with the Shai-hulud self-replicating compromise targeting the NPM ecosystem, though GlassWorm does not technically self-replicate in the same manner. Over recent months, malicious actors have increasingly focused on the open-source development community using these distribution methods.
On March 13, security vendor Socket published research detailing 72 unauthorized Open VSX extensions linked to the GlassWorm campaign. While the campaign already utilized evasion techniques, recent activity demonstrates an evolution in its distribution methodology.
GlassWorm adopts transitive dependencies
Many of the evasion techniques observed in earlier GlassWorm iterations remain active, according to Socket’s research team. These include staged JavaScript-based loaders, geofencing designed to exclude Russian locales, the use of Solana blockchain transaction memos to establish command-and-control routing, and in-memory follow-on code execution. However, the operators now rotate their infrastructure and loader logic more frequently.
The most significant development is the shift toward transitive delivery. The compromised listings now use the extensionPack and extensionDependencies fields of the extension manifest (package.json): an extension that declares either field causes the editor to install the listed extensions automatically alongside it. As a result, a package may initially appear safe because it does not itself contain the unauthorized code; instead, the payload lives in a separate extension that is pulled in through the declared relationship, and that extension carries GlassWorm's data-extraction capabilities. Socket described this as an evolution of the campaign and a significant escalation in how it spreads through Open VSX.
"In practice, this means a user can install an extension that appears non-malicious on its own, while still receiving GlassWorm through its declared extension relationship," Socket's research team wrote. "This lowers the visibility of the malicious component, broadens the threat actor’s reach, and complicates both manual review and registry-side triage."
The latest wave of packages primarily impersonates widely used developer tools. The operators attempt to establish trustworthiness by artificially inflating download counts into the thousands.
Outlook and recommended actions
While Open VSX has removed the majority of the transitive extensions identified in the report, some examples remained active at the time of publication, indicating that mitigation efforts are ongoing. Philipp Burckhardt, technical lead for threat research at Socket, stated that the team has identified more than 20 additional Open VSX extensions linked to this campaign and anticipates further discoveries.
Burckhardt advises that organizations take this and similar campaigns seriously, noting that developer tooling ecosystems serve as an effective distribution channel due to the high-value data and credentials present on developer machines.
To protect development environments, Socket recommends that organizations implement the following measures:
Audit extensions for version-to-version changes involving extensionPack and extensionDependencies. Carefully review installation and update chains.
Monitor for specific campaign indicators, such as staged loaders, Russian locale gating, and Solana memo lookups.
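The manifest-diff and chain-review steps above can be scripted. The following is an added example written for this page, not tooling from Socket or Open VSX: it compares two versions of an extension's package.json for newly declared extensionPack or extensionDependencies entries, resolves the full set of extensions those entries would pull in, and flags any member of that chain whose publisher is outside an allowlist. The registry map, manifests, publisher names and extension IDs are all constructed for illustration; a real audit would feed it manifests downloaded from the registry for each version.

```javascript
// Added example, not code from Socket or Open VSX. Audits an extension update for
// new transitive install relationships. All manifests, IDs and publishers below
// are constructed sample data (hypothetical names).

const TRANSITIVE_FIELDS = ["extensionPack", "extensionDependencies"];

// Set of extension IDs (publisher.name, lower-cased) that a manifest pulls in
// through either transitive field.
function declaredRelations(manifest) {
  const ids = new Set();
  for (const field of TRANSITIVE_FIELDS) {
    for (const id of manifest[field] || []) ids.add(String(id).toLowerCase());
  }
  return ids;
}

// Compare two versions of one manifest; report relation entries added or removed.
function diffManifests(prev, curr) {
  const before = declaredRelations(prev);
  const after = declaredRelations(curr);
  return {
    added: [...after].filter((id) => !before.has(id)),
    removed: [...before].filter((id) => !after.has(id)),
  };
}

// Walk the relationship chain through a registry snapshot (id -> manifest).
// Returns a Map of every extension that would be installed to the path that
// reached it. Cycles are tolerated; unknown IDs are recorded but not descended.
function resolveInstallSet(rootId, registry) {
  const seen = new Map();
  const stack = [[rootId.toLowerCase(), [rootId.toLowerCase()]]];
  while (stack.length) {
    const [id, path] = stack.pop();
    if (seen.has(id)) continue;
    seen.set(id, path);
    const manifest = registry[id];
    if (!manifest) continue;
    for (const dep of declaredRelations(manifest)) {
      if (!seen.has(dep)) stack.push([dep, [...path, dep]]);
    }
  }
  return seen;
}

// Flag each newly declared relation whose resolved chain reaches an extension
// from a publisher not on the organisation's allowlist.
function auditUpdate(prev, curr, registry, trustedPublishers) {
  const { added } = diffManifests(prev, curr);
  const findings = [];
  for (const id of added) {
    for (const [member, path] of resolveInstallSet(id, registry)) {
      const publisher = member.split(".")[0];
      if (!trustedPublishers.has(publisher)) {
        findings.push({ via: id, reaches: member, path: path.join(" -> ") });
      }
    }
  }
  return findings;
}

// Constructed registry snapshot: a benign-looking pack that chains, two hops
// down, to an extension from an unknown publisher.
const SAMPLE_REGISTRY = {
  "acme.formatter-helper": { name: "formatter-helper", extensionPack: ["acme.theme-pack"] },
  "acme.theme-pack": { name: "theme-pack", extensionDependencies: ["unknownpub.runtime-support"] },
  "unknownpub.runtime-support": { name: "runtime-support" },
};

// Constructed manifests: version 1.0.1 adds an extensionPack entry that 1.0.0 lacked.
const PREV_MANIFEST = { name: "lint-tools", version: "1.0.0", publisher: "acme" };
const CURR_MANIFEST = {
  name: "lint-tools", version: "1.0.1", publisher: "acme",
  extensionPack: ["acme.formatter-helper"],
};
const TRUSTED_PUBLISHERS = new Set(["acme"]);

function runSample() {
  return auditUpdate(PREV_MANIFEST, CURR_MANIFEST, SAMPLE_REGISTRY, TRUSTED_PUBLISHERS);
}

console.log(JSON.stringify(runSample(), null, 2));
```

The point of resolving the whole chain rather than just diffing the top-level fields is that, as the report describes, the extension a user chose and the extension carrying the payload can be several declared relationships apart; a diff of the installed extension alone shows only the first hop. Running this on every update, not just at first install, is what catches the "benign at publication, malicious after update" pattern.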
"GlassWorm is moving toward less visible, more resilient delivery: later-version manifest changes, transitive installation paths, heavier obfuscation, rotating Solana wallets and infrastructure, and threat actor-controlled decryption material," the researchers stated. "Defenders should expect more extensions that look benign at publication, then become malicious through updates that add extensionPack or extensionDependencies. That model is likely to spread because it hides the real malicious component behind normal extension-management behavior."