惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

MyScale Blog
MyScale Blog
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
N
News and Events Feed by Topic
Recent Announcements
Recent Announcements
D
Docker
M
MIT News - Artificial intelligence
L
LangChain Blog
I
InfoQ
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
博客园_首页
MongoDB | Blog
MongoDB | Blog
美团技术团队
S
Schneier on Security
G
GRAHAM CLULEY
月光博客
月光博客
有赞技术团队
有赞技术团队
Vercel News
Vercel News
Scott Helme
Scott Helme
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Recorded Future
Recorded Future
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
Attack and Defense Labs
Attack and Defense Labs
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
量子位
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Visual Studio Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
N
Netflix TechBlog - Medium
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Spread Privacy
Spread Privacy
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
小众软件
小众软件
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Security Affairs
Cloudbric
Cloudbric
爱范儿
爱范儿
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives

Socket

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Mu... Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... PolinRider: North Korea-Linked Supply Chain Campaign Expands... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack lightning PyPI Package Compromised in Supply Chain Attack Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Introducing Reports: An Extensible Reporting Framework for Socket Data Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations
Socket Resea · 2026-04-25 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

The GlassWorm campaign targeting Open VSX continues to escalate. Socket is now tracking a new cluster of 73 impersonation extensions connected to the same sleeper-extension activity reported in March 2026. Beginning in April 2026, and continuing as of this writing, additional cloned versions of popular code extensions have appeared on the Open VSX marketplace. These extensions did not initially contain malware, but they were published by newly created GitHub accounts with only one or two public repositories. In each case, one repository is empty and named with an eight-character string.

A sleeper extension or package is a threat actor-controlled imposter that is published before it is weaponized. It may appear benign at first, often to build trust, downloads, or credibility, but can later be updated to deliver malware through the normal update path.

At least six of these extensions have already been activated to deliver malware, while the remaining extensions appear to be high-confidence sleepers or related suspicious extensions. This count may change as new updates continue to appear, but the pattern is consistent with earlier GlassWorm waves: cloned or impersonating extensions are first published without an obvious payload, then later updated to deliver malware through the normal extension update path.

This activity follows Socket’s previous reporting on GlassWorm’s shift toward sleeper and transitive delivery techniques, including extensions that appeared benign at publication before later adding malicious dependencies or loaders. In March 2026, Socket documented 72 malicious Open VSX extensions tied to GlassWorm’s abuse of extension relationships. That wave was followed by another set of sleeper extensions that activated and began pulling GitHub-hosted VSIX malware. For this latest cluster, Socket has marked the tracked extensions to protect users while analysis continues.

We are tracking the affected extensions associated with this supply chain attack campaign on our dedicated GlassWorm v2 page: https://socket.dev/supply-chain-attacks/glassworm-v2

Cloned Listings Designed to Look Legitimate#

The impersonation pattern is visible in the way these extensions present themselves on Open VSX. One example is Emotionkyoseparate.turkish-language-pack, which closely mirrors the legitimate MS-CEINTL.vscode-language-pack-tr listing for the Turkish Language Pack for Visual Studio Code. The clone uses the same globe icon, similar naming, the same description, and copied Turkish-language README content, while swapping in a new publisher and unique identifier.

The difference is subtle enough that a developer browsing quickly could miss it. The legitimate extension is published under the expected MS-CEINTL namespace and shows 150K downloads, while the impersonation appears under a newly created publisher with far fewer downloads but otherwise familiar branding. This is the core social engineering pattern behind the latest GlassWorm cluster: cloned listings create enough visual trust to attract installs before any malware is introduced.

Delivery Moving Beyond the Extension Source

In our previous disclosure of the latest wave of Open VSX extensions in the GlassWorm campaign, we documented a shift away from embedding the loader directly in each extension toward abusing extensionPack and extensionDependencies for transitive delivery. This allowed extensions that did not contain any malicious code on their own to install a separate malicious component, often disguised as a utility tool.

We then observed sleeper extensions that activate via updates and retrieve payloads from external sources, including VSIX packages hosted on GitHub. Earlier variants also used Solana transaction memos as a dead-drop channel for runtime payload retrieval, where encoded second-stage payloads were fetched and executed in memory. In those cases, the malicious behavior was still tied to code associated with a specific extension or dependency.

In this latest wave, delivery spans these approaches. Some variants rely on external payload retrieval, others rely on bundled native binaries, including reused installer components seen in prior GlassWorm activity, but the common pattern is that the extension itself acts as a thin loader. The extension’s source code alone no longer reflects the behavior that ultimately runs. By shifting critical logic outside of what tools typically scan, and spreading it across multiple delivery mechanisms, the threat actor increases the likelihood of evading detection.

Example: Native Binary Execution Path

To make this concrete, let us look at the extension’s activation code in boulderzitunnel.vscode-buddies , which simply loads a platform-specific native module and invokes an install() function (e.g., boulderzitunnel.vscode-buddies):

const platforms = { win32: "./bin/win.node", darwin: "./bin/mac.node" };
const target = platforms[process.platform];
if (target) {
  const { install } = require(target);
  install();
}

The core logic is implemented in the bundled .node binary, not the JavaScript. These binaries contain embedded GitHub release URLs to .vsix files and include installation logic (e.g., --install-extension) targeting multiple IDEs such as VS Code, Cursor, and Windsurf.

Example: Obfuscated Runtime Payload Retrieval#

Other variants implement the same pattern entirely in JavaScript, without relying on bundled binaries (e.g., cubedivervolt.html-code-validate). In these extensions, the activation code contains heavily obfuscated code that decodes at runtime to retrieve a .vsix payload from a GitHub release.

The code resolves CLI paths for multiple editors, including VS Code, Cursor, Windsurf, and VSCodium, and installs the downloaded extension using commands such as --install-extension. Some variants also include an encrypted fallback URL that is decoded at runtime.

This approach achieves the same outcome as the binary-based variant, but keeps the delivery logic in obfuscated JavaScript. The extension acts as a loader, while the payload is retrieved and executed after activation.

Indicators of Compromise (IOCs)#

Native Installer Binaries (SHA256)

  1. 1b62b7c2ed7cc296ce821f977ef7b22bae59ef1dcdb9a34ae19467ee39bcf168
  2. 4ebfe8f66ca7e9751060b3301b5e8838d6017593cdae748541de83bfa28183bd

Downloaded VSIX Payload (SHA256)

  1. 97c275e3406ad6576529f41604ad138c5bdc4297d195bf61b049e14f6b30adfd

GitHub Payload Hosting

  1. github[.]com/SquadMagistrate10/wnxtgkih
  2. github[.]com/francesca898/dqwffqw
  3. github[.]com/ColossusQuailPray/oiegjqde

Confirmed Malicious Extensions

  1. outsidestormcommand.monochromator-theme
  2. keyacrosslaud.auto-loop-for-antigravity
  3. krundoven.ironplc-fast-hub
  4. boulderzitunnel.vscode-buddies
  5. cubedivervolt.html-code-validate
  6. winnerdomain17.version-lens-tool

Sleeper Extensions

  1. peldravix.rpgiv2free-live-tool
  2. forkelbat.supersigil-rich-hub
  3. fyltroven.gitchat-fast-tool
  4. syndakove.todo4vcode-quick-suite
  5. vendrakos.rumdl-pro-kit
  6. stadiumgripier.vscode-onedark-theme
  7. wildlightregain.oxc-lint-format
  8. haelthorn.fractal-fast-studio
  9. gastholve.shell-pro-kit
  10. tossbers.browser-open-tool
  11. pranlokev.topmodel-fast-suite
  12. weldforick.brightscript-pro-kit
  13. stelbavik.hledger-fast-tool
  14. brixmundo.eca-easy-tool
  15. shinypy.pycode-formatter
  16. carveltstone.chatbuddy-auto-suite
  17. thunderprosecutor.autopep8-formatter
  18. spikearshock.csv-rainbow
  19. countrepresent49.code-image-preview
  20. lairinspectortrek70.todo-highlighter
  21. superneentrance.peacock-colors
  22. epichipporedeem.prettier-eslint-formatter
  23. archchainturn.twinny-ai-assist
  24. spacesalamanderhook.italian-language-pack
  25. closedtierenchant.vscode-awesome-icons
  26. emotionkyoseparate.turkish-language-pack
  27. sremuven.beautify-super-lens
  28. goltikov.auto-rich-forge
  29. karnikov.better-rich-studio
  30. trenarin.autodocstring-auto-studio
  31. meldarin.biome-live-tool
  32. gronarin.auto-super-kit
  33. keltarin.android-deep-hub
  34. tralaven.c-easy-tool
  35. meltovik.bookmark-rich-tool
  36. seldovik.cmake-smart-pilot
  37. veldekov.csv-pro-suite
  38. brenaven.cursor-rich-helper
  39. karnenko.cursorless-pro-pilot
  40. faldenko.explorer-auto-hub
  41. vornovin.ionic-easy-kit
  42. tormekov.htmlmustache-fast-craft
  43. dalsoven.intellij-live-pilot
  44. krosarin.npm-fast-studio
  45. meltuven.graphql-pro-tool
  46. veltarik.duplicate-fast-helper
  47. tralarin.firefox-rich-lens
  48. brixovik.es7-quick-hub
  49. krosovik.laravel-quick-pilot
  50. grisaven.markdown-live-kit
  51. dranaven.flask-live-craft
  52. drovenko.data-live-suite
  53. krosaven.dot-live-forge
  54. sremekov.javascriptsnippets-rich-craft
  55. breluven.html-smart-suite
  56. trikarin.database-super-tool
  57. sremovik.dendron-deep-hub
  58. dalsovik.dbclient-quick-suite
  59. frelovin.gitpod-deep-helper
  60. mrekelid.manpages-fast-kit
  61. kuldaran.search-smart-forge
  62. prednovik.php-super-pilot
  63. tagovich.zener-pro-craft
  64. grozdarov.jinjahtml-easy-studio
  65. shiverov.open-smart-suite
  66. draconzal.phpstan-easy-hub
  67. marabenov.graphql-super-craft