Hackers target the OpenVSX ecosystem to steal crypto wallets

Source Cryptopolitan

GlassWorm, a known malware campaign, has placed 73 harmful extensions in the OpenVSX registry. Hackers use them to steal developers’ crypto wallets and other data.

Security researchers found that six extensions have already turned into active payloads. The extensions were uploaded as fake copies of well-known listings and were not harmful at first. According to a report from Socket, the malicious code arrives in a later update.

GlassWorm malware attacks crypto devs

In October 2025, GlassWorm first appeared. It used invisible Unicode characters to hide code intended to steal crypto wallet data and developer credentials. The campaign has since spread to npm packages, GitHub repositories, the Visual Studio Code Marketplace, and OpenVSX.
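
A defender can look for that kind of hiding by scanning extension source for runs of invisible code points. The scanner below is an added example, not code from the article or from Socket; the set of ranges it treats as invisible and the sample text are assumptions constructed for illustration.

```javascript
// Added example. The ranges are an assumed working definition of "invisible".
const INVISIBLE_RANGES = [
  [0x200B, 0x200F, "zero-width or directional mark"],
  [0x202A, 0x202E, "bidi embedding or override"],
  [0x2060, 0x2064, "word joiner or invisible operator"],
  [0x2066, 0x2069, "bidi isolate"],
  [0xFE00, 0xFE0F, "variation selector"],
  [0xFEFF, 0xFEFF, "zero-width no-break space"],
  [0xE0000, 0xE007F, "tag character"],
  [0xE0100, 0xE01EF, "variation selector supplement"],
];

function classify(cp) {
  const hit = INVISIBLE_RANGES.find(([lo, hi]) => cp >= lo && cp <= hi);
  return hit ? hit[2] : null;
}

// Returns one finding per run of consecutive invisible code points.
// minRun filters out short runs such as the single U+FE0F after an emoji.
function findInvisibleRuns(source, minRun = 1) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, idx) => {
    let run = null;
    let column = 0;
    for (const ch of line) {                  // iterates by code point
      column += 1;
      const cp = ch.codePointAt(0);
      const label = classify(cp);
      const leadingBom = idx === 0 && column === 1 && cp === 0xFEFF;
      if (!label || leadingBom) { run = null; continue; }
      if (!run) {
        run = { line: idx + 1, column, length: 0, kinds: new Set() };
        findings.push(run);
      }
      run.length += 1;
      run.kinds.add(label);
    }
  });
  return findings.filter((f) => f.length >= minRun)
    .map((f) => ({ ...f, kinds: [...f.kinds].sort() }));
}

// Constructed sample: a BOM, an emoji with one selector, and a hidden run.
const SAMPLE = [
  "\uFEFFconst label = 'ok \u2764\uFE0F';",
  "const blob = '" + String.fromCodePoint(0xFE00, 0xFE01, 0xE0100, 0xE0101) + "';",
  "module.exports = { label, blob };",
].join("\n");
console.log(findInvisibleRuns(SAMPLE, 2));
```

With a minimum run length of 2, the emoji on the first line is ignored and only the four-character run inside the string literal on line 2 is reported.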

A wave hit hundreds of repositories and dozens of extensions in the middle of March 2026, and its size caught people’s attention. Several research groups noticed the activity early on and helped stop it.

The attackers appear to have changed their approach. The latest batch doesn’t embed malware right away; instead, it uses a delayed activation model. It sends a clean extension, builds an install base, and then sends a bad update.

“Cloned or impersonating extensions are first published without an obvious payload, then later updated to deliver malware,” Socket researchers said.

Security researchers found three ways to deliver the malicious code across the 73 extensions. One way is to fetch a second VSIX package from GitHub at runtime and install it using CLI commands. Another method loads platform-specific compiled modules, such as .node files, that contain the core logic, including routines for getting more payloads.

A third way uses heavily obfuscated JavaScript that decodes at runtime to download and install malicious extensions. It also has encrypted or fallback URLs for getting the payload.

The extensions look a lot like genuine listings.

In one case, the attacker copied the icon of the genuine extension and gave it a name and description that were almost the same. The publisher name and the unique identifier are what set them apart, but most developers don’t look closely at these things before installing.
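
The publisher and identifier check that most developers skip can be automated. The sketch below is an added example, not code from the article or from Socket: it compares each installed extension's `publisher.name` identifier against an allowlist and flags entries whose display name matches or nearly matches a trusted listing under a different publisher. The allowlist, the publisher names and the manifests are hypothetical values constructed for illustration.

```javascript
// Added example. TRUSTED is a constructed allowlist; all ids are hypothetical.
const TRUSTED = [
  { id: "acme-tools.pretty-format", displayName: "Pretty Format" },
  { id: "example-labs.sol-helper", displayName: "Solidity Helper" },
];

// Fold case, width variants and punctuation so cosmetic changes do not hide a match.
function normalise(text) {
  return text.normalize("NFKC").toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Levenshtein edit distance, keeping only the previous row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// manifest is the parsed package.json of an installed extension.
function checkManifest(manifest, trusted = TRUSTED, maxDistance = 2) {
  const id = `${manifest.publisher}.${manifest.name}`.toLowerCase();
  if (trusted.some((t) => t.id === id)) return { id, verdict: "trusted" };
  const shown = normalise(manifest.displayName || manifest.name);
  for (const t of trusted) {
    const distance = editDistance(shown, normalise(t.displayName));
    if (distance <= maxDistance) {
      return { id, verdict: "lookalike", imitates: t.id, distance };
    }
  }
  return { id, verdict: "unknown" };
}

// Constructed manifests standing in for the extensions directory.
const INSTALLED = [
  { publisher: "acme-tools", name: "pretty-format", displayName: "Pretty Format" },
  { publisher: "acme-tool5", name: "pretty-format", displayName: "Pretty Format" },
  { publisher: "someone", name: "sol-helper-pro", displayName: "Solidty Helper" },
  { publisher: "other", name: "markdown-notes", displayName: "Markdown Notes" },
];
console.log(INSTALLED.map((m) => checkManifest(m)));
```

In practice the manifests would be read from each installed extension's `package.json`, and the allowlist would hold the identifiers a team has actually vetted.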

GlassWorm is built to go after access tokens, crypto wallet data, SSH keys, and information about the developer environment.

Crypto wallets are continuously under attack from hackers

The threat goes beyond just crypto wallets. A different but related incident shows how supply chain attacks can spread through developer infrastructure.

On April 22, the npm registry hosted a bad version of Bitwarden’s CLI for 93 minutes under the official package name @bitwarden/cli@2026.4.0. JFrog, a security company, found that the payload stole GitHub tokens, npm tokens, SSH keys, AWS and Azure credentials, and GitHub Actions secrets.

JFrog’s analysis found that the hacked package modified the install hook and binary entrypoint to load the Bun runtime and run an obfuscated payload, both during installation and while running.

According to the company’s own records, Bitwarden has more than 50,000 businesses and 10 million users. Socket linked that attack to a bigger campaign tracked by Checkmarx researchers, and Bitwarden confirmed the connection.

The problem stems from how npm and other registries operate. Attackers exploit the time between when a package is published and when its contents are checked.

Sonatype found about 454,600 new malicious packages infesting registries in 2025. Threat actors looking to gain access to crypto custody, DeFi, and token launchpads have begun targeting registries and releasing malicious workflows.

For developers who installed any of the 73 flagged OpenVSX extensions, Socket recommends rotating all secrets and cleaning their development environments.

The next thing to watch is whether the remaining 67 dormant extensions activate in the coming days, and whether OpenVSX implements additional review controls for extension updates.
