
GlassWorm, a known piece of malware, has been used to place 73 malicious extensions in the OpenVSX registry. Hackers use it to steal developers’ crypto wallets and other data.
Security researchers found that six extensions have already turned into active payloads. The extensions were published as fake versions of known listings and were not malicious at first. According to a report from Socket, the bad code arrives in a later update.
GlassWorm malware attacks cryptocurrency developers
In October 2025, GlassWorm appeared for the first time. It used invisible Unicode characters to hide custom code that steals crypto wallet data and developer credentials. The campaign has since expanded to npm packages, GitHub repositories, Visual Studio Code Marketplace, and OpenVSX.
A wave hit hundreds of repositories and dozens of extensions in mid-March 2026, and its size caught people’s attention. Several research groups noticed this activity early on and helped stop it.
It appears that the attackers have changed their approach. The latest batch does not immediately include malware; instead, it uses a delayed activation model. It ships a clean add-on, builds an install base, and then pushes a bad update.
“Cloned or spoofed extensions are first deployed without an obvious payload, and are later updated to deliver malware,” Socket researchers said.
Security researchers found three ways to deliver malicious code via the 73 extensions. One way is to fetch a second VSIX package from GitHub at runtime and install it using CLI commands. Another method loads platform-specific compiled modules as .node files that contain the underlying logic, including procedures for obtaining further payloads.
The third method uses heavily obfuscated JavaScript that is decrypted at runtime to download and install malicious extensions. It also has encrypted or backup URLs to get the payload.
The add-ons look a lot like real listings.
In one case, the attacker copied the icon of the original extension and gave it an almost identical name and description. The publisher name and unique identifier are what set them apart, but most developers don’t look closely at these things before installing.
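The publisher-and-identifier check described above, as an added example that is not from Socket's report or the original article: it compares each installed extension's `publisher.name` ID against a trusted list and flags entries that reuse a trusted name or a near-identical display name under a different publisher. The trusted list, the sample inventory and all function names are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED and INSTALLED are constructed sample data, not real listings.
const TRUSTED = [
  { id: "example-corp.python-tools", displayName: "Python Tools" },
  { id: "acme.yaml-lint", displayName: "YAML Lint" },
];
const INSTALLED = [
  { publisher: "example-corp", name: "python-tools", displayName: "Python Tools" },
  { publisher: "examp1e-corp", name: "python-tools", displayName: "Python Tools" },
  { publisher: "devhelper", name: "yaml-linter", displayName: "YAML Lintt" },
  { publisher: "someone", name: "theme-dark", displayName: "Dark Theme" },
];

// Lowercase and keep only letters and digits, so "Python-Tools" equals "python tools".
const norm = (s) => s.toLowerCase().replace(/[^a-z0-9]/g, "");

// Levenshtein edit distance, computed one row at a time.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// manifest holds the publisher, name and displayName fields of an extension's package.json.
function checkExtension(manifest, trusted = TRUSTED) {
  const id = `${manifest.publisher}.${manifest.name}`.toLowerCase();
  if (trusted.some((t) => t.id === id)) return { id, verdict: "trusted" };
  const shown = norm(manifest.displayName || manifest.name);
  for (const t of trusted) {
    const trustedName = norm(t.id.slice(t.id.indexOf(".") + 1));
    const title = norm(t.displayName);
    // Allow one edit per five characters, so short titles must match exactly.
    const nearTitle = editDistance(shown, title) <= Math.floor(title.length / 5);
    if (norm(manifest.name) === trustedName || nearTitle) {
      return { id, verdict: "lookalike", imitates: t.id };
    }
  }
  return { id, verdict: "unknown" };
}

const audit = (list = INSTALLED) => list.map((m) => checkExtension(m));
console.log(audit());
```

A "lookalike" verdict is a prompt to compare the publisher and identifier by hand before trusting the extension; "unknown" only means the entry is not on the trusted list.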
GlassWorm is designed to collect access tokens, crypto wallet data, SSH keys, and information about the developer environment.
Cryptocurrency wallets are under constant attack from hackers
The threat goes beyond just crypto wallets. A different but related incident illustrates how supply chain attacks can spread across developers’ infrastructure.
On April 22, the npm registry hosted a bad version of Bitwarden’s CLI for 93 minutes under the official package name @bitwarden/(email protected). Security firm JFrog found that the payload stole GitHub tokens, npm tokens, SSH keys, AWS and Azure credentials, and GitHub Actions secrets.
JFrog’s analysis found that the compromised package modified the installation hook and binary entry point to load the Bun runtime and run an obfuscated payload, both during installation and during runtime.
According to the company’s own records, Bitwarden serves more than 50,000 companies and 10 million users. Socket linked this attack to a larger campaign tracked by Checkmarx researchers, and Bitwarden confirmed this link.
The issue stems from how npm and other registries work. Attackers use the time between a package being published and its contents being examined.
Sonatype found approximately 454,600 new malicious packages invading registries in 2025. Threat actors looking to gain access to cryptocurrency custody services, DeFi, and token launch platforms have begun targeting registries and launching malicious workflows.
For developers who have installed any of the 73 flagged OpenVSX extensions, Socket recommends rotating all secrets and cleaning up their development environments.
The next thing to watch is whether the remaining 67 dormant extensions will be activated in the coming days, and whether OpenVSX implements additional audit controls for extension updates.





