Self-propagating worm found in marketplaces for Visual Studio Code extensions

A month after a self-propagating worm was discovered in the open source NPM code repository, a similar worm has been found targeting Visual Studio Code extensions in open marketplaces.

Researchers at Israel-based Koi Security say the malware, which they dub GlassWorm, has been found in extensions in the OpenVSX and Microsoft VS Code marketplaces.

“This is one of the most sophisticated supply chain attacks we’ve ever analyzed,” the researchers warn. “And it’s spreading right now.”

If the compromised extensions are folded into code, they harvest NPM, GitHub, and Git credentials left by developers in their work, drain funds from 49 cryptocurrency wallets, deploy SOCKS proxy servers on developer computers, install hidden VNX servers for remote access, and use stolen credentials to compromise additional packages and extensions.

Seven OpenVSX extensions were compromised last week and were downloaded over 35,000 times, the report says. In addition, another infected extension was detected in the VS Code marketplace over the weekend.

The worms in the extensions evade detection using an old technique: Including malware written with Unicode variation selectors. These are special characters that are part of the Unicode specification but don’t produce any visual output.

“To a developer doing code review, it looks like blank lines or whitespace,” says Koi Security. “To static analysis tools scanning for suspicious code, it looks like nothing at all.” But to a JavaScript interpreter, it’s executable code.

“CISOs should treat this as an immediate security incident if their developers use VS Code,” says Tanya Janca, head of the Canadian secure coding training consultancy SheHacksPurple.

“Because extensions inherit full VS Code permissions, once installed they can steal credentials, exfiltrate source code, and enable remote command and control (for example, via VNC and SOCKS proxies). Risk level: Very High.”

CISOs should start their incident response processes immediately, she said, conducting an inventory to see which corporate applications use VS Code, which extensions they contain, and determining if any are on the known affected list.

They should also monitor for suspicious application behavior, she added, specifically strange outgoing connections and processes mentioned in the research, unapproved VNC servers, and long-lived SOCKS proxy processes.

Educate your developers

In the meantime, Janca recommends disabling all application auto-updates, and educating all developers about the situation and the extensions to watch for.

“Block access to the OpenVSX registry and all other untrusted/unknown marketplaces, permanently,” she advises. “Have developers log out of their developer tools and reboot. Revoke and then rotate any credentials that might have been spilled before logging back into everything.”

Follow normal practices for incident response, she concluded: Detect, contain, eradicate, recover.

Marketplaces targeted

The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks.  Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and VS Code marketplaces.

The use of Unicode to hide malware was exposed as recently as last month by researchers at Radware, who found it being used to compromise ChatGPT.

These reports should come as no surprise. Open code marketplaces, where developers can upload code for others to use in their applications, have long been targets for threat actors as vehicles for inserting malicious code into projects. The code then spreads into developer or customer environments to steal credentials and data. Collectively, these are known as supply chain attacks.

Among the most targeted repositories are GitHub, GitLab and NPM.

Microsoft gives developers the ability to add extensions and themes to Visual Studio Code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors and fonts.

Leverages blockchain

Koi Security researchers came across the wormed extension in OpenVSX when their risk engine flagged suspicious activity in an update of an extension called CodeJoy. a developer productivity tool with hundreds of downloads. However, version 1.8.3 introduced some suspicious behavioural changes. The source code included what looked like massive gap between lines that was actually malicious code encoded in unprintable Unicode characters that can’t be viewed in a code editor.

Worse, the malware uses the public Solana blockchain as a command and control infrastructure (C2) for its goal of hunting for login credentials, especially those for crypto wallets. The malware also reaches out to a Google Calendar event as a backup C2 mechanism.

The stolen NPM, GitHub, Git, and OpenVSX credentials also help the malware spread as a worm.

Finally, the malware injects a remote access trojan onto the workstations of victim developers, turning them into SOCKS proxy servers. The workstations can then be used to access an organization’s IT systems, becoming internal network access points, persistent backdoors, proxies for attacking other internal systems and data exfiltration channels.

Developers are ‘prime target’

Developers are a prime target for attacks these days, pointed out Johannes Ullrich, dean of research at the SANS Institute. What they often don’t realize is that any extension they install, even if it appears benign, has full access to their code and may make modifications without explicitly informing the developer.

CISOs must include developers in discussions about securing development tools, he advises. Limiting permitted tools is often counterproductive, as developers will identify workarounds to get work done. Security must cooperate with developers to assist them in using the tools they need securely, and any endpoint protection product needs to be tuned to support the unique usage patterns of developers.

This isn’t just a supply-chain problem, said Will Baxter, field CISO at Team Cymru, it’s a new infrastructure layer merging cyber-crime tooling, blockchain resilience, and developer-tooling pivoting. Registry operators, threat researchers and blockchain-monitoring partners need to share intelligence and work together more closely to flag these hybrid attacks, he added.

More advice to CSOs

Janca says to lower the risk of supply chain attacks, security leaders and application security professionals should:

reduce attack surface whenever possible: Only install features and other software that they use, for instance, uninstall any VS Code extensions that are not used, and remove all unused dependencies from code;

monitor all employee workstations for anomalous behavior, with more focus on those who have privileged access, such as software developers.

apply least privilege for identity and access management, especially for developer machines

implement a fast and efficient change management process that includes software supply chain changes;

train developers on secure coding, protecting their supply chain, and their role during incident response, to help prevent issues like this in the future or to respond faster and more gracefullyThere are various security scanning tools that can be used to reduce risk and catch issues before they become security incidents, such as extension scanners, secret scanners, supply chain security tooling (SCA and SBOM), and endpoint protection;

follow proper secret manage best practices, so that malicious packages like these cannot harvest credentials;

only approved repositories, marketplaces, etc. should be used in an organizations. Block all unknown or untrusted places for downloading code, packages, images, and extensions;

harden the entire software supply chain, not just third-party components and code. This includes regular updates and locking down access to the CI/CD, developer IDEs and workstations, artifacts, and more.

push governments to provide a solution to the very insecure open source software ecosystem that so many of us rely on. Or, give preference closed-source development languages and frameworks, though this, she admits, wouldn’t have helped in this case, as.Net is closed source but VS Code Marketplace is not.