Back

73 Malicious VS Code Extensions Distribute GlassWorm v2 Malware

Severity: High (Score: 66.5)

Sources: Thehackernews, Cybersecuritynews

Summary

A new malware campaign has emerged involving 73 sleeper extensions in the Open VSX marketplace, linked to the GlassWorm supply chain attack. Discovered in April 2026, these extensions pose a significant threat to software developers by delivering the GlassWorm v2 malware. This follows a previous wave in March 2026, where 72 malicious Open VSX extensions were identified. The attack method involves using fake Visual Studio Code (VS Code) extensions to compromise systems. Developers who unknowingly install these extensions are at risk of malware infection. The scope of the impact is extensive, as these extensions can bypass detection mechanisms. Current status indicates ongoing investigations and heightened awareness among cybersecurity professionals. Immediate action is recommended to mitigate risks associated with these sleeper extensions. Key Points: • 73 new sleeper extensions linked to the GlassWorm malware campaign discovered. • The attack targets software developers using the Open VSX marketplace. • This follows a previous discovery of 72 malicious extensions in March 2026.

Key Entities

  • Glassworm (malware)
  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Open VSX (company)
  • VS Code (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed