73 fake VS Code extensions on Open VSX spread GlassWorm v2

Security firm Socket found 73 cloned VS Code extensions on Open VSX distributing GlassWorm v2; six are confirmed malicious and others act as sleeper packages.

Security firm Socket identified 73 cloned Visual Studio Code extensions in the Open VSX repository linked to an information‑stealing campaign tracked as GlassWorm v2. Six of the extensions are confirmed malicious, while the others appear to be sleeper packages that build installs before delivering a payload. Socket reported the cluster was published at the start of the month and has mapped more than 320 related artifacts dating to December 21, 2025.

The cloned packages reuse names, icons and descriptions or use slight typosquatting to trick developers into installing them. Many present as simple loader extensions that later download a secondary VSIX package hosted on GitHub. That secondary package is installed across every detected integrated development environment on an infected machine by invoking the IDE installation command, allowing the payload to reach VS Code, Cursor, Windsurf, VSCodium and others.

The six confirmed malicious extensions include outsidestormcommand.monochromator-theme, keyacrosslaud.auto-loop-for-antigravity, krundoven.ironplc-fast-hub, boulderzitunnel.vscode-buddies, cubedivervolt.html-code-validate and winnerdomain17.version-lens-tool.

Socket found attackers are using Zig-based droppers to deliver the secondary VSIX and are moving to sleeper packages and transitive dependencies as evasion techniques. The company’s analysis shows the loader keeps delivery logic in obfuscated JavaScript inside the extension. The loader retrieves and executes the payload after activation and uses the IDEs’ `--install-extension` command to propagate the malicious package.

Socket wrote:

“This approach achieves the same outcome as the binary-based variant, but keeps the delivery logic in obfuscated JavaScript. The extension acts as a loader, while the payload is retrieved and executed after activation.”

Once active, the payload is designed to avoid systems in Russia, collect sensitive data, deploy a remote access trojan and install a rogue Chromium-based browser extension that can harvest credentials, bookmarks and other browser data.

Attackers rely on transitive dependencies and staggered updates to bypass automated detection and reputation checks. Socket’s telemetry indicates the campaign uses visual mimicry to grow install counts organically before flipping an extension into a malicious state.

Developers who install extensions based solely on name, icon or description may be at risk. Security researchers recommend auditing installed extensions, verifying publisher details and reviewing source code when possible.
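A defender-side audit of the recommendation above, written as an added example that is not from the article or from Socket: it reads the extension folders of the IDEs named in the article, flags the six confirmed identifiers listed above, and marks any extension whose publisher is outside an optional allow-list for manual review. The per-user extension-directory paths are assumptions (typical locations), not taken from the article.

```python
"""Audit installed VS Code-family extensions against the GlassWorm v2 identifiers."""
from pathlib import Path
import re

# The six confirmed malicious extension identifiers named in the article.
GLASSWORM_V2_IDS = frozenset({
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "winnerdomain17.version-lens-tool",
})

# Extension directories of the IDEs the article names. These paths are assumptions
# (typical per-user locations on Linux/macOS), not taken from the article.
IDE_EXTENSION_DIRS = {
    "VS Code": Path.home() / ".vscode" / "extensions",
    "VSCodium": Path.home() / ".vscode-oss" / "extensions",
    "Cursor": Path.home() / ".cursor" / "extensions",
    "Windsurf": Path.home() / ".windsurf" / "extensions",
}

# Installed extensions live in folders named "<publisher>.<name>-<version>[-<platform>]",
# e.g. "ms-python.python-2024.2.1". The name is matched lazily so hyphenated names work.
_FOLDER_RE = re.compile(
    r"^(?P<id>[a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9._-]*?)-(?P<ver>\d+(?:\.\d+)*(?:-[a-z0-9]+)*)$",
    re.I,
)


def parse_folder(folder):
    """Return (extension_id, version) for an extensions-folder name, or None if not one."""
    m = _FOLDER_RE.match(folder)
    return (m.group("id").lower(), m.group("ver")) if m else None


def audit_folders(folders, known_bad=GLASSWORM_V2_IDS, trusted_publishers=()):
    """Split folder names into 'malicious' (confirmed IDs) and 'review' (publisher not allow-listed)."""
    result = {"malicious": [], "review": []}
    trusted = {p.lower() for p in trusted_publishers}
    for folder in folders:
        parsed = parse_folder(folder)
        if parsed is None:
            continue  # README, .obsolete markers and similar non-extension entries
        ext_id, _version = parsed
        if ext_id in known_bad:
            result["malicious"].append(ext_id)
        elif trusted and ext_id.split(".", 1)[0] not in trusted:
            result["review"].append(ext_id)  # clones mimic known names under new publishers
    return result


def audit_installed_ides(ide_dirs=IDE_EXTENSION_DIRS, trusted_publishers=()):
    """Run the audit over every IDE extension directory present on this machine."""
    return {ide: audit_folders([p.name for p in path.iterdir() if p.is_dir()], trusted_publishers=trusted_publishers)
            for ide, path in ide_dirs.items() if path.is_dir()}


if __name__ == "__main__":
    for ide, findings in audit_installed_ides().items():
        print(f"{ide}: {findings}")
```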
