The GlassWorm supply chain attack campaign has evolved into a sophisticated threat targeting UK software development teams through Visual Studio Code extension dependencies. Since January 2026, security researchers have identified 72 malicious extensions exploiting the 'transitive delivery' model, where attackers publish legitimate-looking extensions before updating them to pull malware-laden dependencies.
GlassWorm represents a new class of supply chain attack that exploits the trust relationship between developers and their coding tools. Rather than directly compromising popular extensions, attackers create seemingly benign tools, build user trust over time, then push updates that pull malicious dependencies from external repositories.
Key Facts:
- 72 new malicious VS Code extensions discovered since January 2026
- Attackers use 'transitive delivery' to bypass initial security screening
- AI coding assistants particularly targeted due to broad system access
- Campaign specifically focuses on software teams in financial and technology sectors
The Transitive Delivery Attack Vector
According to reporting from CSO Online, the GlassWorm campaign exploits VS Code's extension dependency system to deliver malware through legitimate-appearing tools. Attackers publish clean extensions to the Open VSX registry, accumulate downloads and positive reviews, then push updates that reference malicious dependencies hosted on external package repositories.
This approach bypasses traditional security screening because the initial extension code appears benign. The malicious payload only arrives when the extension automatically updates and pulls compromised dependencies. For UK development teams increasingly reliant on AI-powered coding assistants, this attack vector poses particular risk due to these tools' broad system access requirements.
The NCSC has previously warned about supply chain vulnerabilities in development environments, noting that compromised developer tools can provide attackers with access to source code, credentials, and production systems across an organisation's entire software portfolio.
Why UK Software Teams Face Heightened Risk
UK software development teams present attractive targets due to their concentration in high-value sectors including fintech, healthcare technology, and government digital services. The campaign specifically targets organisations using AI coding assistants, which require extensive permissions to access codebases, version control systems, and cloud infrastructure.
Recent analysis shows UK developers adopt VS Code extensions at higher rates than their European counterparts, driven by the rapid integration of AI development tools. This adoption pattern creates a larger attack surface, particularly when combined with the relaxed vetting processes for cloud credentials that many organisations employ for developer productivity tools.
The timing coincides with increased regulatory scrutiny following NIS2 implementation, where organisations must demonstrate supply chain security including development tool governance. Compromised developer environments can cascade into production systems, creating compliance violations alongside operational disruption.
How the Dependency Abuse Works
The GlassWorm campaign operates through a three-stage process that exploits developer trust mechanisms. Attackers first publish legitimate extensions with useful functionality, often targeting popular development workflows like code formatting or project management. These tools function correctly and accumulate positive user feedback over weeks or months.
Once an extension gains adoption, attackers push updates that introduce new dependencies hosted on compromised package repositories. The malicious dependencies contain information-stealing malware designed to harvest credentials, source code, and development environment configurations. Because VS Code automatically updates extensions by default, users receive the compromised version without explicit consent.
The malware specifically targets development-related credentials including Git tokens, cloud service keys, and database connection strings. This information enables lateral movement into production environments, turning a single compromised developer workstation into enterprise-wide system access.
Boardroom Questions
What inventory exists of all development tools and extensions used across our software teams, and who approves new tool adoption?
How do we monitor and control automatic updates for developer tools, particularly those with access to source code and cloud infrastructure?
What incident response procedures exist specifically for compromised development environments, including credential rotation and code integrity verification?
Quick Diagnostic
Do you maintain an approved list of development tools and extensions that requires management approval for additions?
Have you disabled automatic updates for VS Code extensions and implemented a controlled update process?
Do you regularly audit development environment access to production systems and rotate associated credentials?
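The three-stage abuse described under "How the Dependency Abuse Works" only succeeds if an extension can change version on a workstation without anyone noticing, which is what the inventory and update-control questions above are probing. The script below is an added example, not from the article or any vendor: it compares the output of `code --list-extensions --show-versions` (real VS Code CLI flags) against a team allowlist with pinned versions, flagging anything unapproved or drifted, and emits the `extensions.autoUpdate` / `extensions.autoCheckUpdates` settings that stop silent upgrades. The extension names, versions and allowlist are constructed sample data.

```shell
# Constructed sample of `code --list-extensions --show-versions` output.
# In practice: code --list-extensions --show-versions > installed.txt
SAMPLE_INSTALLED='ms-python.python@2025.2.0
esbenp.prettier-vscode@11.0.0
example-pub.formatter-helper@1.4.0'

# Constructed allowlist: one "publisher.name@version" per line, pinned by the team.
SAMPLE_ALLOWLIST='ms-python.python@2025.2.0
esbenp.prettier-vscode@10.4.0'

# check_extensions INSTALLED ALLOWLIST
# Emits one line per finding: "UNAPPROVED id@ver" (extension not on the list)
# or "DRIFT id installed=ver pinned=ver" (version moved away from the pin, the
# moment at which a previously clean extension may start pulling new dependencies).
# No output means every installed extension matches its approved pin.
check_extensions() {
  installed="$1"; allow="$2"
  printf '%s\n' "$installed" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    case "$line" in
      *@*) ;;
      *) printf 'MALFORMED %s\n' "$line"; continue ;;
    esac
    id="${line%@*}"; ver="${line##*@}"
    pinned=$(printf '%s\n' "$allow" | awk -F'@' -v id="$id" '$1 == id { print $2 }')
    if [ -z "$pinned" ]; then
      printf 'UNAPPROVED %s@%s\n' "$id" "$ver"
    elif [ "$pinned" != "$ver" ]; then
      printf 'DRIFT %s installed=%s pinned=%s\n' "$id" "$ver" "$pinned"
    fi
  done
}

# Settings fragment that stops VS Code from silently installing a changed extension
# version; both keys are real VS Code settings. Merge it into the user or workspace
# settings.json that your endpoint management pushes to developer machines, so that
# upgrades only happen through the controlled review-and-re-pin process.
update_policy_json() {
  printf '{\n  "extensions.autoUpdate": false,\n  "extensions.autoCheckUpdates": false\n}\n'
}

# Rerun after each approved change; any line of output is a finding to triage.
check_extensions "$SAMPLE_INSTALLED" "$SAMPLE_ALLOWLIST"
```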