The GlassWorm attack intensifies with the discovery of 73 new extensions

The supply chain attack known as GlassWorm has recently escalated with the identification of 73 new sleeper extensions in the Open VSX marketplace. This development, which occurred in April 2026, represents a dangerous evolution in the way threat actors distribute malware to software developers. This group of extensions follows a previous wave detected in March 2026, which had already documented 72 malicious extensions associated with the same operation.

The evolution of malicious extensions

The new tactics employed by the attackers aim to evade security scans. Previously, variants of this attack exploited dependency features of extensions to silently install malicious loaders. In contrast, the sleeper extensions are fake packages that are published before being activated and initially appear harmless, so that they build trust and accumulate downloads.

To carry out their operations, the attackers create fraudulent accounts on GitHub to publish cloned versions of popular tools. A clear example is a fake version of the Turkish Language Pack for Visual Studio Code, which closely imitates the legitimate extension, even copying its icon and description and changing only the publisher name. Once developers install these cloned tools, the attackers wait before pushing a software update that delivers the malware. At least six of the 73 new extensions have already been activated, serving as loaders to obtain external malware payloads.

The malicious code is no longer visible in the source code of the extension, which increases its chances of evading detection. Security teams must be vigilant for indicators of compromise, and it is crucial for developers to verify publisher namespaces and carefully review download counts before installing any extension from the Open VSX marketplace.
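The publisher-namespace check recommended above can be automated. The following is an added example, not code from the original report: it flags installed extensions whose display name matches a vetted extension while the `publisher.name` ID differs. The allowlist entry, the `example-publisher` namespace and the sample manifests are constructed for illustration.

```python
import json
import unicodedata
from pathlib import Path

# Constructed allowlist: display name -> the one extension ID the team has vetted.
TRUSTED = {
    "Turkish Language Pack for Visual Studio Code": "ms-ceintl.vscode-language-pack-tr",
}

def _norm(text):
    """Fold case, Unicode compatibility forms and whitespace before comparing names."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def load_manifests(ext_dir):
    """Read package.json from each installed extension folder (e.g. ~/.vscode/extensions)."""
    paths = sorted(Path(ext_dir).expanduser().glob("*/package.json"))
    return [json.loads(p.read_text(encoding="utf-8")) for p in paths]

def find_publisher_mismatches(manifests, trusted=TRUSTED):
    """Return (installed_id, vetted_id) pairs where the display name matches a
    vetted extension but the publisher.name ID is different."""
    expected = {_norm(name): ext_id.casefold() for name, ext_id in trusted.items()}
    findings = []
    for m in manifests:
        ext_id = f"{m.get('publisher', '')}.{m.get('name', '')}".casefold()
        want = expected.get(_norm(m.get("displayName", "")))
        if want and ext_id != want:
            findings.append((ext_id, want))
    return findings

# Constructed sample manifests: the vetted pack, a clone under another publisher
# (note the extra space in its display name), and an unrelated extension.
SAMPLE = [
    {"publisher": "MS-CEINTL", "name": "vscode-language-pack-tr",
     "displayName": "Turkish Language Pack for Visual Studio Code"},
    {"publisher": "example-publisher", "name": "vscode-language-pack-tr",
     "displayName": "Turkish  Language Pack for Visual Studio Code"},
    {"publisher": "someone", "name": "other", "displayName": "Unrelated Tool"},
]

if __name__ == "__main__":
    for got, want in find_publisher_mismatches(SAMPLE):
        print(f"publisher mismatch: installed {got}, vetted {want}")
```

Manifests that store `displayName` as a `%key%` placeholder need the value resolved from `package.nls.json` before this comparison is meaningful.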