
GlassWorm Returns With a Second Wave — The Supply Chain Attack Expands From GitHub to npm Packages and VSCode Extensions
The invisible Unicode malware campaign that hit 151 Python repos has evolved, with security researchers detecting coordinated injections across npm, GitHub, and VSCode/OpenVSX extension marketplaces.
The Worm Didn't Stop at Python
Security researchers tracking the GlassWorm supply chain campaign have confirmed that the threat actors behind the initial Python repository attacks have launched a coordinated second wave — this time targeting npm packages, GitHub repositories across multiple languages, and extensions on the VSCode and OpenVSX marketplaces. The expanded campaign was detected in the week of March 15-18 and represents a significant escalation in both scope and sophistication.
The original GlassWorm attack, discovered by Aikido Security in early March, used invisible Private Use Area Unicode characters to inject malware into 151 Python repositories. The second wave uses the same core technique but has adapted it for JavaScript and TypeScript codebases distributed through npm, as well as browser and editor extensions that developers install from marketplace platforms they implicitly trust.
Why Extension Marketplaces Are the New Target
The pivot to VSCode extensions is particularly concerning. Developers install extensions to enhance their code editors, and these extensions typically run with broad permissions — access to the file system, network requests, and the ability to execute code. A compromised extension can read every file a developer opens, capture credentials typed into terminal windows, and exfiltrate code from private repositories — all while appearing as a legitimate productivity tool.
The GlassWorm operators appear to have created both malicious extensions from scratch and compromised existing popular extensions through the same stolen-token, force-push technique used in the Python wave. Security researchers have identified injections in extensions with combined install counts exceeding 50,000 users.
Defending Against the Expanding Threat
The security community has responded rapidly. GitHub has accelerated its token revocation efforts, npm has implemented additional scanning for Unicode obfuscation patterns, and both the VSCode Marketplace and OpenVSX registry are reviewing flagged extensions. Microsoft has published guidance for developers on auditing their installed extensions and identifying potentially compromised packages.
For development teams, the immediate action items remain consistent with the first wave: enforce branch protection rules, rotate credentials, audit installed dependencies and extensions, and implement automated supply chain monitoring. The GlassWorm campaign demonstrates that supply chain attacks are no longer limited to a single ecosystem — once a technique proves effective, threat actors will adapt it across every distribution channel developers rely on.
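The technique described above works because code points in Unicode's Private Use Area (and several zero-width "format" characters) render as nothing in most editors and diff views. A cheap, dependency-free check that teams can run over a repository, an npm package tarball, or an unpacked extension is to flag every such code point with its exact position. The scanner below is an added example written for this article, not code from the researchers or vendors named above; it assumes nothing about how the GlassWorm payload encodes its data and simply reports invisible code points by Unicode general category (`Co` = private use, `Cf` = format). The sample source string is constructed for illustration.

```python
"""Flag invisible Unicode code points (Private Use Area and format characters) in source text."""
from __future__ import annotations

import sys
import unicodedata
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number
    column: int      # 1-based column, counted in code points
    codepoint: int   # the offending code point, e.g. 0xE001
    category: str    # Unicode general category: "Co" (private use) or "Cf" (format)
    name: str        # Unicode character name, or a placeholder for unnamed PUA points


def scan_source(text: str) -> list[Finding]:
    """Return every private-use or format code point in `text`, with its position.

    A byte-order mark (U+FEFF) at the very start of the text is tolerated,
    since many editors write one; anywhere else it is reported like any other
    zero-width character.
    """
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            category = unicodedata.category(ch)
            if category not in ("Co", "Cf"):
                continue
            if ord(ch) == 0xFEFF and lineno == 1 and col == 1:
                continue  # leading BOM is benign
            name = unicodedata.name(ch, "<unnamed private-use character>")
            findings.append(Finding(lineno, col, ord(ch), category, name))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per Unicode category, e.g. {"Co": 3, "Cf": 1}."""
    return dict(Counter(f.category for f in findings))


def scan_file(path: str) -> list[Finding]:
    """Scan one file; undecodable bytes are replaced rather than aborting the scan."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_source(fh.read())


# Constructed sample: a harmless-looking JavaScript module with three PUA code
# points hidden after a comment and a zero-width space spliced into a keyword.
SAMPLE_SOURCE = (
    "\ufeffconst config = {};\n"      # leading BOM: tolerated
    "// helper\ue001\ue002\ue003\n"   # three Private Use Area code points, invisible in editors
    "export\u200b default config;\n"  # ZERO WIDTH SPACE inside "export"
)


if __name__ == "__main__":
    # Usage: python scan_invisible.py <file> [<file> ...]; exit status 1 if anything is found.
    paths = sys.argv[1:]
    total = 0
    for path in paths:
        for f in scan_file(path):
            total += 1
            print(f"{path}:{f.line}:{f.column}: U+{f.codepoint:04X} [{f.category}] {f.name}")
    if not paths:
        for f in scan_source(SAMPLE_SOURCE):
            total += 1
            print(f"<sample>:{f.line}:{f.column}: U+{f.codepoint:04X} [{f.category}] {f.name}")
    sys.exit(1 if total else 0)
```

Run without arguments it scans the embedded sample and reports four findings (three `Co` on line 2, one `Cf` on line 3); given file paths it scans those instead and exits non-zero on any hit, which makes it easy to wire into a pre-commit hook or CI step. Category `Cf` also covers legitimate characters in some scripts (joiners in Arabic or Indic text, for example), so a repository with non-Latin string literals should review those findings rather than block on them automatically; `Co` hits in source code have no legitimate use and are the stronger signal.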
Sources: The Hacker News (March 18, 2026), SecurityWeek (March 2026), BleepingComputer (March 18, 2026), StepSecurity (March 2026)
