Back to Intelligence

GlassWorm Escalates: Supply Chain Attack Hijacks Developer Workstations via Transitive Dependencies

SA
Security Arsenal Team
March 14, 2026
6 min read

The Evolution of GlassWorm: A Dangerous Shift in Supply Chain Tactics

For cybersecurity professionals, the concept of a supply chain attack is nothing new. However, the mechanisms used by threat actors continue to evolve in sophistication. Recently, researchers flagged a significant escalation in the GlassWorm campaign, a malware operation specifically targeting the software development lifecycle. Unlike traditional attacks that rely on a single compromised entry point, this iteration uses a complex web of dependencies to infiltrate developer environments.

The target? The Open VSX registry, an open-source marketplace for Visual Studio Code (VS Code) extensions. By abusing the inherent trust developers place in their integrated development environments (IDEs), the actors behind GlassWorm have found a potent pathway to establish persistence on high-value machines.

Understanding the Attack Vector

At its core, the GlassWorm campaign is a trojanization attack. Historically, malicious actors would upload a single extension containing a payload, hoping a user would download it. While effective, this method is noisy; a single malicious file is easier to flag and take down.

The new iteration of GlassWorm has adapted by abusing the legitimate features of the VS Code extension manifest: specifically extensionPack and extensionDependencies.

The Mechanics of Transitive Infection

VS Code allows developers to bundle extensions together. An extension can declare dependencies on other extensions to function correctly. When a user installs the primary extension, VS Code automatically installs the dependencies in the background.

GlassWorm actors have exploited this by:

  1. Creating seemingly benign extensions: These appear to be useful tools, such as themes, linting utilities, or language packs.
  2. Embedding malicious references: Instead of embedding the malicious loader directly in the main extension (where it might be easily scanned), the main extension lists a malicious dependency in its manifest file.
  3. Transitive installation: When a developer installs the "safe" looking extension, the IDE automatically reaches out to the registry and downloads the malicious payload.

This technique turns the trust in the extension ecosystem into a weapon. With 72 identified extensions currently acting as nodes in this malicious network, the attack surface is vast.

Technical Analysis: TTPs and Impact

From a tactical perspective, this campaign represents a shift toward "living-off-the-land" within the application layer. The attackers are not necessarily exploiting a zero-day vulnerability in the VS Code binary itself; rather, they are abusing the logic of how package managers resolve dependencies.

Key TTPs (Tactics, Techniques, and Procedures)

  • Initial Access: User-driven download of a low-severity or attractive extension from the Open VSX registry.
  • Execution: Automatic installation and activation of dependencies (the malicious loader) upon extension startup.
  • Persistence: The malicious extension registers itself within the VS Code configuration, ensuring it runs every time the IDE is launched.
  • Defense Evasion: By splitting the payload across multiple packages and using transitive dependencies, the attackers obscure the malicious intent of the primary extension, often bypassing basic static analysis that might only check the root package.

The payload typically involves information theft or establishing a reverse shell, granting the attacker access to the developer's local source code, credentials, and potentially the internal network.

Detection and Threat Hunting

Detecting this type of supply chain attack requires a shift in mindset. You cannot simply block "unknown" extensions; you must monitor the behavior of the entire extension ecosystem. Security teams need visibility into what is being installed and how those components behave once active.

Hunting for Suspicious Extensions

We can use PowerShell to enumerate installed extensions and check for suspicious characteristics, such as those published recently or with unrecognized publishers.

Script / Code
# Enumerate VS Code Extensions and Check for Unrecognized Publishers
$ExtPath = "$env:USERPROFILE\.vscode\extensions"
if (Test-Path $ExtPath) {
    Get-ChildItem $ExtPath | ForEach-Object {
        $JsonPath = Join-Path $_.FullName "package."
        if (Test-Path $JsonPath) {
            $Manifest = Get-Content $JsonPath | ConvertFrom-Json
            [PSCustomObject]@{
                ExtensionName = $Manifest.name
                Publisher = $Manifest.publisher
                Version = $Manifest.version
                InstallDate = $_.LastWriteTime
                Dependencies = $Manifest.extensionDependencies -join ","
            }
        }
    } | Where-Object { $_.Publisher -notin @"ms-vscode", "dbaeumer", "esbenp", "formulahendry"@ }
}

KQL Queries for Sentinel/Defender

For SOC teams utilizing Microsoft Sentinel or Defender for Endpoint, monitoring for unsigned DLL loads or suspicious child processes spawned by the VS Code host process is critical.

Script / Code
// Hunt for unsigned DLL loads within VS Code Extension directories
DeviceImageLoadEvents
| where FolderPath contains ".vscode\\extensions"
| where IsSigned == false
| project Timestamp, DeviceName, FileName, FolderPath, SHA256, InitiatingProcessFileName
| order by Timestamp desc


// Monitor for VS Code spawning suspicious shells (powershell/cmd)
DeviceProcessEvents
| where InitiatingProcessFileName =~ "Code.exe"
| where FileName in~ ("powershell.exe", "cmd.exe", "bash.exe")
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessCommandLine
| limit 100

Mitigation Strategies

Defending against the GlassWorm campaign requires a layered approach that balances developer productivity with strict security controls.

  1. Registry Governance: If your organization relies heavily on VS Code, consider hosting an internal extension registry (such as an enterprise proxy for Open VSX) and disabling access to the public registry. This allows you to curate exactly which extensions are permissible.

  2. Extension Allowlisting: Enforce Group Policy Objects (GPOs) or configuration files (settings.) that restrict extension installations to a specific list of trusted publishers.

  3. Audit and Review: Conduct regular audits of installed extensions across developer workstations. Remove any extensions that are no longer in use or that cannot be verified as safe.

  4. Network Segmentation: Ensure developer workstations are segmented from critical production infrastructure. If a developer environment is compromised via an extension, the blast radius should be contained to prevent lateral movement to servers or databases.

  5. Developer Education: Train your development teams to recognize the signs of a typosquatting attack (e.g., an extension named "Prettier-Code" instead of the official "Prettier"). Encourage them to review the "Dependencies" tab before installing any extension.

The GlassWorm campaign is a stark reminder that in the modern software supply chain, trust is a vulnerability. By rigorously vetting the code that runs within our IDEs, we protect not just the developer's machine, but the entire software lifecycle.

Related Resources

Security Arsenal Healthcare Cybersecurity AlertMonitor Platform Book a SOC Assessment healthcare Intel Hub

healthcarehipaaransomwaresupply-chain-attackglasswormopen-vsxdeveloper-securitythreat-hunting

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action