
Compromised extensions remain public even after exposure, showing how open marketplaces can be abused to distribute malware.

Malicious Listings Still Active

Malicious and hijacked extensions remain publicly available on the OpenVSX marketplace. The screenshots below show several examples, including one where the legitimate author explicitly warns users not to install a compromised version.

In the Better Nunjucks listing, the developer states that version 0.3.2 was not published by them, yet it remains online. This demonstrates how compromised developer accounts and hijacked packages continue to circulate in the open ecosystem.

Dormant Projects Reused for Malware

Other listings, such as SerenityOS DSL Syntax Highlight, show a suspicious pattern: a project dormant since 2021 was suddenly updated in October 2025. This aligns with GlassWorm’s observed techniques, where attackers repurpose abandoned developer accounts to distribute infected updates.

New Low-Reputation Extensions

Recently created extensions like Dark Theme appear under low-reputation publishers with few installs and generic descriptions. These low-signal uploads often serve as test cases or distribution points for malicious payloads before they are detected.

Persistence of Risk

These examples show that unverified or hijacked extensions can persist even after public exposure. Developers and AI coding agents pulling from OpenVSX remain at risk through routine extension installs.
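The three patterns described above (a long-dormant project that suddenly ships a new release, a freshly created publisher with almost no installs, and a placeholder-style description) can all be scored from listing metadata before an install is allowed. The script below is an added example written for this page, not Knostic's or Open VSX's code; the record fields and the constructed extension records are assumptions that mirror the listings discussed, not the registry's actual API schema, and the thresholds are illustrative. The author-warning case (Better Nunjucks) is not visible in metadata and is deliberately not scored here.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class ExtensionRecord:
    # Constructed record shape; field names are assumptions, not the Open VSX API schema.
    name: str
    publisher: str
    description: str
    install_count: int
    # (version string, publication time) pairs; order does not matter
    versions: list[tuple[str, datetime]] = field(default_factory=list)

# Illustrative thresholds; tune to the registry you actually gate installs against.
DORMANCY_DAYS = 365        # a release gap this long counts as "dormant"
RECENT_DAYS = 90           # a release this recent after dormancy is suspicious
NEW_LISTING_DAYS = 30      # listing first published within this window counts as new
LOW_INSTALLS = 100
# Words that carry no information about what the extension actually does
GENERIC_WORDS = {"a", "an", "the", "for", "and", "theme", "dark", "light",
                 "syntax", "highlight", "highlighting", "extension", "vs", "code", "vscode"}

def longest_release_gap_days(rec: ExtensionRecord) -> int:
    """Largest number of days between two consecutive releases (0 if fewer than 2)."""
    if len(rec.versions) < 2:
        return 0
    times = sorted(t for _, t in rec.versions)
    return max((later - earlier).days for earlier, later in zip(times, times[1:]))

def is_generic_description(description: str) -> bool:
    """Short description made entirely of filler words, e.g. 'A dark theme for VS Code'."""
    words = re.findall(r"[a-z]+", description.lower())
    return 0 < len(words) <= 8 and set(words) <= GENERIC_WORDS

def risk_flags(rec: ExtensionRecord, now: datetime) -> list[str]:
    """Return the list of risk signals a listing exhibits (empty list means no signal)."""
    flags = []
    if rec.versions:
        first = min(t for _, t in rec.versions)
        latest = max(t for _, t in rec.versions)
        # Pattern 1: years of silence, then a brand-new release (hijacked/abandoned account)
        if longest_release_gap_days(rec) >= DORMANCY_DAYS and (now - latest).days <= RECENT_DAYS:
            flags.append("revived-after-dormancy")
        # Pattern 2: brand-new listing with almost no adoption (low-reputation publisher)
        if (now - first).days <= NEW_LISTING_DAYS and rec.install_count < LOW_INSTALLS:
            flags.append("new-low-reputation")
    # Pattern 3: placeholder description that says nothing about functionality
    if is_generic_description(rec.description):
        flags.append("generic-description")
    return flags

def triage(records: list[ExtensionRecord], now: datetime) -> dict[str, list[str]]:
    """Map extension name -> flags for every listing that raised at least one signal."""
    return {r.name: f for r in records if (f := risk_flags(r, now))}

def should_block_install(rec: ExtensionRecord, now: datetime) -> bool:
    """Install gate: deny when any signal fires so a human can review the listing."""
    return bool(risk_flags(rec, now))

UTC = timezone.utc
NOW = datetime(2025, 11, 1, tzinfo=UTC)

# Constructed sample listings that mirror the patterns described on the page.
SAMPLE_LISTINGS = [
    ExtensionRecord("example-dsl-highlighter", "old-maintainer",
                    "Highlighting for DSL files", 5000,
                    [("1.0.0", datetime(2021, 3, 1, tzinfo=UTC)),
                     ("1.1.0", datetime(2025, 10, 15, tzinfo=UTC))]),
    ExtensionRecord("example-dark-theme", "new-publisher-0042",
                    "A dark theme for VS Code", 12,
                    [("0.0.1", datetime(2025, 10, 20, tzinfo=UTC))]),
    ExtensionRecord("example-zig-tools", "established-publisher",
                    "Language server client and debugger integration for the Zig toolchain", 250000,
                    [("2.3.0", datetime(2025, 6, 1, tzinfo=UTC)),
                     ("2.4.0", datetime(2025, 9, 1, tzinfo=UTC))]),
]

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LISTINGS, NOW).items():
        print(f"{name}: {', '.join(flags)}")
```

Running the script flags the revived project and the new theme while leaving the actively maintained listing alone. These signals are heuristics for prioritising review, not proof of compromise: a legitimately revived project will trip the dormancy rule, so the gate should route to a human or a sandboxed scan rather than silently deny.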

Real-Time Protection with Kirin

In the video below, see how Kirin by Knostic detects an infected extension the moment it’s installed. The user is alerted instantly and guided to remove it, stopping the threat before it spreads.


To see how we protect enterprises, developers, and AI coding assistants from attacks like these, visit https://www.knostic.ai/ai-coding-security-solution-kirin
