
Cybersecurity researchers have identified "GlassWorm," a sophisticated, self-propagating worm targeting developers via malicious Visual Studio Code extensions on the Open VSX Registry and Microsoft Extension Marketplace. This supply chain attack utilizes the Solana blockchain for resilient command-and-control and invisible Unicode characters for stealth, aiming to harvest critical credentials (npm, GitHub), drain funds from 49 cryptocurrency wallet extensions, and establish proxy and remote access infrastructure. With 14 infected extensions downloaded over 35,800 times since October 17, 2025, and auto-updating mechanisms facilitating autonomous propagation, this incident represents a significant escalation in supply chain malware, posing a substantial threat to the software development ecosystem and crypto asset security.
The "GlassWorm" self-propagating worm represents a significant cybersecurity threat, specifically targeting developers through malicious Visual Studio Code (VS Code) extensions on the Open VSX Registry and Microsoft Extension Marketplace. This supply chain attack has already compromised 14 extensions, leading to approximately 35,800 downloads since October 17, 2025, and is the second such incident in a month. The worm employs advanced evasion techniques, including the Solana blockchain for resilient command-and-control (C2) infrastructure and invisible Unicode characters to conceal malicious code within extensions. Its primary objectives are multi-faceted, aiming to harvest critical credentials (npm, GitHub), drain funds from 49 different cryptocurrency wallet extensions, and establish persistent remote access via SOCKS proxies and hidden VNC (HVNC) servers. The threat is compounded by the auto-update functionality of VS Code extensions, enabling autonomous propagation across the developer ecosystem. This incident underscores a growing trend of self-sustaining supply chain malware and the increasing misuse of blockchain technology for malicious payloads, contributing to an "extremely negative" sentiment and a significant market impact score of 0.7.
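A defender-side check for the invisible-Unicode concealment described above, as an added example that is not taken from the researchers' report or from any tool named on this page. The code point ranges treated as invisible, the run-length threshold `min_run`, and the sample text are assumptions chosen for illustration.

```python
# Assumption: code point ranges treated as "invisible" for this scan.
INVISIBLE_RANGES = (
    (0x200B, 0x200F),    # zero-width space/joiners, LRM/RLM
    (0x202A, 0x202E),    # bidi embedding/override controls
    (0x2060, 0x2064),    # word joiner, invisible operators
    (0x2066, 0x2069),    # bidi isolates
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # zero-width no-break space / BOM
    (0xE0000, 0xE007F),  # tag characters
    (0xE0100, 0xE01EF),  # variation selectors supplement
)


def is_invisible(ch):
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


def find_invisible_runs(source, min_run=4):
    """Return one finding per run of >= min_run consecutive invisible chars.

    A single variation selector after an emoji is normal; a long run inside
    source code has no rendering purpose and deserves a manual look.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            end = col
            while end < len(line) and is_invisible(line[end]):
                end += 1
            if end - col >= min_run:
                findings.append({"line": lineno, "column": col + 1,
                                 "length": end - col,
                                 "first": f"U+{ord(line[col]):04X}"})
            col = end
    return findings


# Constructed sample: plain code, a benign emoji selector, and a long hidden run.
SAMPLE = ("const ok = 1;\n"
          "const label = '\u2764\ufe0f';\n"
          "const x = '" + "\ufe00\ufe01" * 10 + "'; run(x);\n")

if __name__ == "__main__":
    for finding in find_invisible_runs(SAMPLE):
        print(finding)
```

Run it over the unpacked JavaScript of an installed or downloaded extension; lowering `min_run` to 1 also reports isolated characters such as the emoji selector in the sample.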
Overall Sentiment: extremely negative
Sentiment Score: -0.90