73 Fake VS Code Extensions on Open VSX Deliver GlassWorm v2 Infostealer

Researchers flagged 73 fake Visual Studio Code extensions on the Open VSX repository linked to a persistent infostealer campaign dubbed GlassWorm. The extensions are cloned versions of legitimate ones; six are confirmed malicious, with the rest acting as distribution infrastructure.

Open VSX is used by VS Code-compatible editors including VSCodium and Eclipse Theia, making it a target distinct from the official VS Code Marketplace. Developers using these editors should audit installed extensions, cross-reference publisher identities against official Marketplace listings, and remove anything recently installed from Open VSX that cannot be verified. GlassWorm v2 targets developer credentials and secrets stored in IDE configuration.