Glassworm, Self-Propagating Worm Using Invisible Code Hits Openvsx and Vscode
Posted3 months agoActive2 months ago
koi.aiTechstory
calmnegative
Debate
20/100
MalwareVscodeOpenvsx
Key topics
Malware
Vscode
Openvsx
A new self-propagating worm called GlassWorm has been discovered in the OpenVSX and VSCode marketplaces, using invisible code to evade detection, prompting concerns about the security of popular development tools.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
1h
Peak period
1
0-3h
Avg / period
1
Key moments
- 01Story posted
Oct 20, 2025 at 12:35 AM EDT
3 months ago
Step 01 - 02First comment
Oct 20, 2025 at 1:57 AM EDT
1h after posting
Step 02 - 03Peak activity
1 comments in 0-3h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 21, 2025 at 3:44 PM EDT
2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (4 comments)
Showing 4 comments
gr1nse
2 months ago
1 replyHow is the invisible code done?
Writing Unicode variant selectors VS1–VS256 and then letting them get interpreted as normal Unicode chars?
I do not come to it how it is not visible and selectable but still gets executed like normal...
thenaturalist
2 months ago
It's using Liquid Glass at max transparency... /s
chhaAuthor
3 months ago
Similar to the Shai Hulud attack, but with more sofisticated C2 (blockchain, Google Calendar). It also uses Unicode characters to hide source code in IDEs, harvests ecosystem credentials to infect and publish new versions of packages you have access to, and more.
bmitch3020
2 months ago
Previously submitted at https://news.ycombinator.com/item?id=45647853
View full discussion on Hacker News
ID: 45640206Type: storyLast synced: 11/17/2025, 9:06:10 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.