Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

securityweek.com·Apr 28, 2026

More than 70 extensions in the Open VSX marketplace are suspected to be linked to the GlassWorm malware, which is designed to steal sensitive information and credentials. These extensions mimic popular ones to gain trust, with some already activated to deliver malware through future updates.

The key insight for you is the identification of 73 suspicious extensions in the Open VSX marketplace linked to GlassWorm malware, which uses social engineering techniques by cloning popular extensions to gain trust before deploying malicious payloads. This highlights the critical need for enhanced scrutiny of code supply chains and the importance of thorough vetting processes for third-party extensions to mitigate such threats.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Want more content like this?

More from Cybersecurity News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Linux bitten by second severe vulnerability in as many weeks

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor