GlassWorm Supply-Chain Attack - 72 Malicious Open VSX Extensions
Incident Details
Since January 31, 2026, researchers have identified at least 72 malicious Open VSX extensions linked to the GlassWorm campaign. On January 30, 2026, four established Open VSX extensions published by the 'oorzc' developer account had malicious versions pushed via a compromised publishing token. GlassWorm is an ongoing operation that has repeatedly targeted both Microsoft Visual Studio Marketplace and Open VSX. The malware uses extensionPack and extensionDependencies metadata to create transitive delivery chains: extensions can appear benign and begin serving malware only after trust is established via later updates. The extensions impersonate developer tools including linters, formatters, database utilities, and AI coding assistant integrations. The malicious payload decodes to a multi-stage loader that steals tokens, credentials, and secrets; drains cryptocurrency wallets; and conscripts infected developer endpoints as proxies. Between March 3 and 9, 2026, approximately 151 GitHub repositories were additionally compromised in a concurrent GlassWorm mass campaign.
Technical Details
- Initial Attack Vector: The GlassWorm threat actor compromised a legitimate developer's Open VSX publishing credentials (leaked token or unauthorized access) to publish malicious extension versions. The actor also abused extensionPack/extensionDependencies transitive dependency chains to turn benign extensions into GlassWorm delivery vehicles after trust was established.
- Vendor / Product: Open VSX Registry (VS Code extension marketplace)
- Malware Family: GlassWorm
- Supply Chain Attack: Confirmed third-party / vendor compromise
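The transitive delivery chain described in the incident details and the attack vector above can be audited from extension manifests. This is an added example, not code from the original page or from Open VSX: it follows extensionPack and extensionDependencies entries in package.json manifests and reports the extension IDs an update newly pulls in. The extension IDs, versions and helper names are constructed for illustration.

```javascript
// Added example; manifests and extension IDs below are constructed, not real.
const extId = (m) => `${m.publisher}.${m.name}`.toLowerCase();

// Index an array of package.json objects by publisher.name (case-insensitive).
const indexManifests = (list) => new Map(list.map((m) => [extId(m), m]));

// Everything rootId pulls in through extensionPack and extensionDependencies,
// followed transitively. The seen set makes reference cycles terminate.
function pulledIn(index, rootId) {
  const root = rootId.toLowerCase();
  const seen = new Set();
  const stack = [root];
  while (stack.length) {
    const m = index.get(stack.pop());
    if (!m) continue; // referenced but absent from the snapshot: keep the ID, stop expanding
    const refs = [...(m.extensionPack || []), ...(m.extensionDependencies || [])];
    for (const ref of refs) {
      const id = ref.toLowerCase();
      if (id === root || seen.has(id)) continue;
      seen.add(id);
      stack.push(id);
    }
  }
  return [...seen].sort();
}

// IDs reachable after an update that were not reachable before it.
function newlyPulledIn(before, after, rootId) {
  const old = new Set(pulledIn(before, rootId));
  return pulledIn(after, rootId).filter((id) => !old.has(id));
}

// Constructed snapshots: 1.0.0 is standalone; 1.0.1 adds an extensionPack entry.
const before = indexManifests([
  { publisher: "acme", name: "sql-format", version: "1.0.0" },
]);
const after = indexManifests([
  { publisher: "acme", name: "sql-format", version: "1.0.1",
    extensionPack: ["Example.Lint-Helper"] },
  { publisher: "example", name: "lint-helper", version: "0.0.3",
    extensionDependencies: ["example.loader", "acme.sql-format"] },
  { publisher: "example", name: "loader", version: "0.0.1" },
]);

console.log(newlyPulledIn(before, after, "acme.sql-format"));
```

Real input would be the package.json of each installed extension, captured before and after an update; any ID in the result is an extension the update introduced without a separate install decision.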
Timeline
- 2026-01-30 Breach occurred
- 2026-02-01 Publicly disclosed