What Happened
Security researchers have identified 73 malicious “sleeper” extensions on the Open VSX marketplace — an open-source alternative to the Visual Studio Code Marketplace used by Eclipse Theia and open-source IDE distributions — linked to the GlassWorm malware campaign. Beginning in April 2026, threat actors published cloned versions of popular extensions that initially appear harmless, accumulating installs before activating their malicious payload through an update.
Six extensions have already activated and deployed malware. Confirmed malicious extensions include those impersonating the Monochromator theme, AutoAntigravity, IronPLC, VS Code Pets, HTML-validate, and Version Lens. Two attack techniques are in use: some extensions bundle hidden .node binary files that download malicious .vsix files from external URLs; others use heavily obfuscated JavaScript that decodes itself at runtime and retrieves a malicious payload from a GitHub release. Once installed, the payload executes through command-line IDE paths, making detection by standard antivirus difficult. Researchers advise any developer who installed extensions from the affected cluster to immediately rotate all secrets and clean their development environments.
Source: BleepingComputer
Why This Matters for Canadian Organizations
Canadian development teams across software companies, government digital services, universities, and cloud operators rely on VS Code and its derivatives as their primary development environment. Open VSX is commonly used in organisations that require open-source IDE alternatives, including many public sector digital teams and developers running Eclipse Theia or code-server in cloud or containerised environments.
The sleeper technique is particularly dangerous for organisations where extension management is decentralised. Developers installing what appears to be a legitimate, well-reviewed extension have no immediate signal of compromise — the malicious behaviour only appears after an update that activates the payload. By that point, the extension has had full access to the developer’s environment: local files, environment variables, SSH keys, cloud provider credential files, and any secrets stored in the IDE workspace.
This follows a well-established GlassWorm attack pattern previously observed across the VS Code Marketplace and npm. The same threat actors have been linked to Cisco’s source code breach and the Checkmarx KICS Docker Hub supply chain attack documented in prior weeks. Canadian development teams — especially those building government digital services or handling regulated data — face PIPEDA breach notification obligations if an infostealer running in a development environment exfiltrates production credentials or customer data.
What to Do
Development teams should audit all Open VSX extensions installed in VS Code, Cursor, Eclipse Theia, and code-server deployments. Cross-reference installed extensions against the six confirmed malicious names and the broader list of 73 flagged by Socket researchers. Remove any suspicious extensions immediately.
For any developer who installed an affected extension, treat the entire workstation as potentially compromised: rotate all API keys, cloud credentials, SSH keys, and tokens accessible from that machine. Check CI/CD pipelines for any credentials accessible through development environment secrets. Apply extension allowlisting policies in enterprise IDE deployments to restrict installation to pre-approved extensions only. Review your organisation’s software supply chain security posture — particularly around developer tooling — in line with CCCS guidance on software supply chain risk.
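One way to carry out the audit step above on a local extensions directory, added here as an example and not code from the original post or from the researchers: the script reads each installed extension's package.json, compares its publisher.name against an organisation-maintained blocklist, and flags extensions that ship native .node binaries, the loader technique described above. The blocklist entries, folder names and sample tree are constructed placeholders, since this page does not reproduce the real extension identifiers.

```python
import json
import tempfile
from pathlib import Path

# Hypothetical blocklist of (publisher, name) pairs built from the advisory. These
# are placeholder values, not the actual Open VSX identifiers of the 73 extensions.
BLOCKLIST = {("placeholder-publisher", "monochromator-clone")}

def audit_extensions(ext_root, blocklist=BLOCKLIST):
    """Scan an extensions directory (e.g. ~/.vscode/extensions) and return one finding
    per extension that matches the blocklist or bundles native .node binaries (a triage
    signal only: some legitimate extensions ship native modules too)."""
    findings = []
    for ext_dir in sorted(Path(ext_root).iterdir()):
        manifest = ext_dir / "package.json"
        if not ext_dir.is_dir() or not manifest.is_file():
            continue
        meta = json.loads(manifest.read_text(encoding="utf-8"))
        ident = (meta.get("publisher", ""), meta.get("name", ""))
        node_bins = [p.relative_to(ext_dir).as_posix() for p in ext_dir.rglob("*.node")]
        reasons = []
        if ident in blocklist:
            reasons.append("matches blocklist")
        if node_bins:
            reasons.append(f"bundles native .node binaries: {node_bins}")
        if reasons:
            findings.append({"dir": ext_dir.name, "id": ".".join(ident), "reasons": reasons})
    return findings

def build_sample_extensions(root):
    """Construct a fake extensions tree (sample data, not real extensions)."""
    samples = {
        "benign.theme-1.0.0": ("benign", "theme", []),
        "placeholder-publisher.monochromator-clone-2.3.1": ("placeholder-publisher", "monochromator-clone", []),
        "other.petsclone-0.9.0": ("other", "petsclone", ["native/loader.node"]),
    }
    for folder, (pub, name, extras) in samples.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps({"publisher": pub, "name": name, "version": "0.0.0"}))
        for rel in extras:
            (d / rel).parent.mkdir(parents=True, exist_ok=True)
            (d / rel).write_bytes(b"\x7fELF")  # constructed stand-in for a native binary
    return root

def run_demo():
    """Audit the constructed sample tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extensions(build_sample_extensions(tmp))

if __name__ == "__main__":
    for f in run_demo():
        print(f["id"], "->", "; ".join(f["reasons"]))
```

Point audit_extensions at the real extensions folder of each IDE (code-server keeps its own under ~/.local/share/code-server/extensions) and feed it the identifiers from the published list; matches and native-binary hits are the extensions to remove and the workstations whose secrets need rotating.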