GlassWorm Evolves: Rust‑Compiled Binaries Hijack VS Code Marketplace

A Second Wave, a New Vector

In October 2025, Koi Research first exposed the GlassWorm campaign, a supply‑chain attack that leveraged invisible Unicode characters in JavaScript to fetch and decrypt malicious payloads from the Solana blockchain. The malware’s command‑and‑control (C2) infrastructure was built on a Solana wallet and a handful of IP addresses that were quietly taken down after the initial disclosure.

A month later, on November 22, the same Solana wallet re‑emerged with a fresh transaction and a new C2 IP. Within days, malicious extensions began appearing again—this time without the tell‑tale invisible characters. Instead, the attackers shipped fully‑compiled Rust binaries that perform the same Solana lookups, AES‑256‑CBC decryption, and payload staging.

From JavaScript to Rust

The classic GlassWorm payload was a JavaScript loader that injected a hidden binary. The new wave replaces that loader entirely. For example, the Iconesvscode extension, a popular icon theme, shipped clean in version 12.15.0 but was replaced in 12.15.1 and 12.15.2 with a 33‑line JavaScript shim that simply loads a native binary:

// Minimal loader in the malicious extension
const os = require("os");
const path = require("path");
const binary = os.platform() === "darwin" ? "darwin.node" : "os.node";
require(path.join(__dirname, binary));

The binaries—darwin.node and os.node—are Node.js addons built with Rust (the project is named rust_implant). Each binary is roughly 2.4 MB and contains all the malicious logic: querying the Solana wallet for C2 instructions, decrypting Base64‑encoded payloads, and executing them. The code is obfuscated by Rust’s native compilation, making static analysis considerably harder.

Koi Research: The macOS binary contains paths such as /Users/davidioasd/Downloads/rust_implant/target/release/deps/librust_implant.dylib/Users/davidioasd/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/http-body-util-0.1.3/src/combinators/collect.rs. The davidioasd string matches patterns we saw in the first wave binaries.

Expanding the Attack Surface

While the original campaign focused on OpenVSX, the new wave also targets Microsoft’s official VS Code marketplace. Clean, legitimate extensions are published first, then updated with the malicious Rust loader. The list of compromised extensions spans a wide range of popular themes, language servers, and tooling—from vscode-icons to clangd and react-native.

The attackers have also embedded a Google Calendar fallback in the binaries, providing an alternate exfiltration channel if the primary Solana‑based C2 is blocked.

Current Status and Outlook

All the malicious extensions have been taken down from both marketplaces. The Solana wallet and the attacker’s infrastructure remain online, and the campaign has shown that takedowns do not halt the threat for long. Koi Research continues to monitor the ecosystem and warns that this is unlikely to be the final wave.

Indicators of Compromise

• Extensions: bphpburn.icons-vscodeclangd, code.clangd-vscodecsvmech, svelte-vscode, tailwindcss-for-react, and many others.
• Rust Binaries (SHA‑256):
  • darwin.node: 026873b940176d103d45b41c9fba73f14cfcaca60e3117be81d2eadef85a4d179
  • os.node: cbb3f830731fe2c9194f7fe5aa55479cffdae184039b0df078b1394209d7a49f29875e74f033c819c1acab58ef08bc35646aab5f4a2747ee0933ca41150d70996ebeb188f3cc3b647c4460c0b8e41b75d057747c662f4cd7912d77deaccfd2f2
• C2 IPs: 217.69.13.229, 45.76.45.151, 45.32.151.157, 107.191.62.170, 104.238.191.54, 108.61.208.161

What Developers and Security Teams Should Do

1. Audit Marketplace Extensions: Verify the integrity of extensions, especially those that have recently been updated. Look for unexpected native binaries.
2. Enable Network Monitoring: Detect outbound traffic to Solana nodes or known C2 IP ranges.
3. Use Code Signing: Ensure that extensions are signed by a trusted publisher and that the signature matches the published source.
4. Leverage Rust‑Aware Static Analysis: Tools that can analyze compiled Rust binaries for known malicious patterns are essential.

A Visual Look

The fake Iconesvscode extension on Koidex, replacing the legitimate theme with a Rust loader.

The authentic vscode‑icons extension on Koidex, showcasing the clean JavaScript implementation.

Final Thoughts

GlassWorm’s transition from obfuscated JavaScript to compiled Rust binaries marks a significant escalation in supply‑chain attack sophistication. By leveraging a native payload, the attackers have sidestepped many traditional detection mechanisms and broadened their reach to the most trusted development ecosystems. Continuous vigilance, combined with advanced binary analysis, will be key to staying ahead of this evolving threat.

Source: Koi Research, GlassWorm Goes Native: Same Infrastructure, Hardened Delivery, https://www.koi.ai/blog/glassworm-goes-native-same-infrastructure-hardened-delivery