We’ve published YARA signatures to detect GlassWorm, a self-propagating worm first reported by Koi Security that targets the Visual Studio Code ecosystem through OpenVSX and other extension supply chains. 

Threat Overview

GlassWorm weaponizes VS Code extensions and hides loader logic with invisible Unicode characters to evade review. Once active, it steals developer credentials (npm, GitHub, OpenVSX tokens) and targets 49 cryptocurrency-wallet extensions. Using stolen credentials, it then propagates by compromising and republishing extensions on OpenVSX (and other marketplaces). Its command-and-control (C2) leverages the Solana blockchain via memo fields to fetch next-stage payloads.

Detection Coverage

Our YARA rules address the following GlassWorm techniques and behaviors:

  • Blockchain C2 Detection: Flags Solana blockchain-based command-and-control infrastructure.

  • Credential Harvesting: Identifies patterns tied to npm, GitHub, OpenVSX, Git, and SSH credential theft.

  • RAT Capabilities: Detects remote-access features, including SOCKS proxy and VNC components.

  • Self-Propagation: Recognizes automated package publishing and worm-spread mechanisms.

  • Crypto Wallet Targeting: Detects code referencing 49+ cryptocurrency wallet extensions.

  • Unicode Stealth: Identifies invisible Unicode variation selectors used to hide malicious logic.

  • Google Calendar C2: Detects Google Calendar API usage for fallback command and control.

These rules are not perfect and can be fine-tuned further, but they should help get the job done.
Repository: https://github.com/knostic/open-tools/tree/main/glassworm_yara
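
As an added illustration of the Unicode Stealth item above (not one of Knostic's YARA rules and not code from the repository), the following Python script flags runs of invisible variation selectors in extension source files. The function names, the run-length threshold of 4, and the sample strings are assumptions constructed for this example.

```python
import re

# Unicode variation selectors: VS1-VS16 (U+FE00..U+FE0F) and the
# supplement VS17-VS256 (U+E0100..U+E01EF). None of them render visibly.
VS_RUN = re.compile("[\uFE00-\uFE0F\U000E0100-\U000E01EF]+")

# Assumption: legitimate use attaches a single selector to a base character
# (for example U+FE0F for emoji presentation), so a run of several in a row
# is treated as anomalous. Tune this threshold for your own code base.
MIN_RUN = 4


def find_hidden_runs(text, min_run=MIN_RUN):
    """Return (line, column, run_length) for each suspicious selector run."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in VS_RUN.finditer(line):
            if len(m.group()) >= min_run:
                hits.append((lineno, m.start() + 1, len(m.group())))
    return hits


def scan_bytes(data, min_run=MIN_RUN):
    """Decode file bytes as UTF-8 (replacing invalid bytes) and scan them."""
    return find_hidden_runs(data.decode("utf-8", errors="replace"), min_run)


# Constructed samples, not taken from any real extension.
# CLEAN has one emoji-presentation selector; SUSPICIOUS has a run of six.
CLEAN = 'const label = "ok \u2764\uFE0F";\nmodule.exports = label;\n'
SUSPICIOUS = (
    "const path = require('path');\n"
    "const s = '" + "\uFE01\uFE02\U000E0100\U000E0101\U000E0120\uFE0F" + "';\n"
)

if __name__ == "__main__":
    import sys
    # Usage: python scan_vs.py extension/dist/*.js
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            for line, col, n in scan_bytes(fh.read()):
                print(f"{name}:{line}:{col}: {n} consecutive variation selectors")
```

Columns are counted in code points, so the reported position may differ from what an editor that counts UTF-16 units shows.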

Defensive Implications

AI coding tools have become privileged, high-value targets, marking the next major attack surface after browsers and endpoints.

To see how Knostic protects enterprises, developers, and AI coding agents from attacks like GlassWorm, visit https://www.knostic.ai/ai-coding-security-solution-kirin.
