# GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions

Published Time: 2026-06-15T21:30:37.164Z
Source: https://socket.dev/blog/glasswasm-malware-open-vsx-extensions

Socket’s Threat Research team discovered compiled WebAssembly malware embedded in trojanized code extensions for Visual Studio Code. At the time of publication, we identified the following affected package versions on the Open VSX marketplace:

* [`exargd/vsblack@0.0.1`](https://socket.dev/openvsx/package/exargd.vsblack/overview/0.0.1?platform=universal)
* [`noellee-doc/flint-debug@0.1.1`](https://socket.dev/openvsx/package/noellee-doc.flint-debug/overview/0.1.1?platform=universal)

These extensions ship a WebAssembly payload behind a renamed TinyGo loader, and both auto-execute it on extension activation via an appended bootstrap that instantiates the module with `go.run()`. The fake-utility framing (a theme; a "transaction hash" debugger) is social-engineering cover; the debugger variant even themes its UI around blockchain "transaction" debugging to fit its crypto-targeting payload.

The payload, `snqpkebiwrxmoivl.wasm`, is a WebAssembly module compiled from Go with **TinyGo** for the `js/wasm` target, meaning it is designed to be loaded and executed by a JavaScript host.
The WASM module contains no plaintext network indicators, URLs, or commands; every string of consequence is encrypted in the binary with a ChaCha20 cipher and reconstructed in memory only at runtime. This makes it hard to detect with signatures that rely on readable strings or natural-language text. Once deobfuscated, the module's purpose is unambiguous. It polls the **Solana** mainnet JSON-RPC API for transactions sent to an attacker-controlled wallet, reads the attacker's instructions out of the on-chain SPL Memo field, and uses them to build and execute an OS-specific download-and-execute command via Node's `child_process`. The Solana blockchain is used as a takedown-resistant command-and-control (C2) dead-drop: there is no hardcoded server to seize or sinkhole, and the operator can rotate second-stage infrastructure simply by posting a new transaction.

This report documents the attack chain, including the live RPC endpoint, the watched wallet address, the memo program IDs, the command-and-control mechanism, and the verbatim shell/PowerShell payload templates that execute the next stage of malware.

Due to significant overlap in tradecraft and targeted platforms, as well as some key shared artifacts, we attribute this campaign with medium confidence to the **GlassWorm** developer. However, the use of WebAssembly/TinyGo as a stager suggests a new pivot to binary loading for obfuscation purposes. We have labeled this family “**GlassWASM**” to highlight this connection.

## Extension Impersonation

The two carriers are trojanized clones of legitimate, verified VS Code Marketplace extensions, re-published on the Open VSX registry under impersonated publisher namespaces. A single Open VSX account, **`zaitoona43`** (GitHub UID 291961103, `github[.]com/zaitoona43`), uploaded both: `ExarGD/vsblack@0.0.1` on 2026-06-09 and `noellee-doc/flint-debug@0.1.1` on 2026-06-10.
Zaitoona43’s GitHub account was only 3 days old at the time of publication:

![Image 2: ](https://cdn.sanity.io/images/cgdhsj6q/production/a7ddc0f8dfab8a2ee779057ef64c5906c1550d07-1289x695.png?w=1600&q=95&fit=max&auto=format)

The originals are low-profile, long-dormant open source projects whose authors are unlikely to be monitoring Open VSX: `ExarGD.vsblack` is a black-background variant of the popular `dunstontc.dark-plus-syntax` theme, published to the VS Code Marketplace in **July 2019** (repo `github[.]com/ExarGD/VSBlack-Theme`, since renamed `kainarchai/VSBlack-Theme`). `noellee-doc.flint-debug` is an academic Ethereum/Flint smart-contract debugger by Noel Lee of Imperial College, published in **June 2020** (repo `github[.]com/noellee/vscode-flint-debug`).

![Image 3: ](https://cdn.sanity.io/images/cgdhsj6q/production/570c36dce693d7e6fce329db5e4f36c0b1c97d6f-1139x916.png?w=1600&q=95&fit=max&auto=format)

Each malicious clone reproduces its target's exact publisher ID, extension name, version string, description, README, and even the original author's GitHub repository links, then adds the ChaCha20-obfuscated WASM payload and an `onStartupFinished` activation hook that runs it.

![Image 4: ](https://cdn.sanity.io/images/cgdhsj6q/production/3696bd1e17ba2bf5a1bccd706f5a33158e09fc54-1139x695.png?w=1600&q=95&fit=max&auto=format)

This is **identity impersonation that exploits a cross-registry trust gap, not typosquatting.** The publisher and extension names are identical to the originals. The VS Code Marketplace binds a publisher ID to a verified owner, so an attacker cannot re-use `noellee-doc` or `ExarGD` there; the genuine listings remain clean (`noellee-doc.flint-debug` v0.1.1 last updated June 2020; `ExarGD.vsblack` v0.0.1 from July 2019). Open VSX highlights `zaitoona43` as the publisher of those identically named and identically versioned packages.
But a developer who finds "Flint Debug 0.1.1" or "VSBlack 0.0.1" on Open VSX — the default registry for VSCodium, Gitpod, Cursor, Windsurf, and other VS Code forks — sees a name, version, description, and repo link that all match the trusted Marketplace listing. The targets are telling: the Flint debugger's blockchain / "transaction hash" framing aligns with the payload's crypto-developer focus. We reported these packages and the malicious publisher to the Open VSX security team, who reacted quickly to remove them from the registry.

The `snqpkebiwrxmoivl.wasm` payload has the following static properties:

* **SHA-256:** `558b4f1d9a263c13756ab0126c09dd080c85ba405b29488e1c4e6aa68b554f1f`
* **SHA-1:** `8ebac142e34a20c297d3ccaca7ee5d9ddd24fed4`
* **MD5:** `4e143876eeaf5e767a9971f603b0f13c`
* **Size:** 824,552 bytes
* **Format:** WebAssembly MVP (v1), validates clean
* **Toolchain:** TinyGo → `js/wasm` target
* **Functions:** 478 (Code section)
* **Data segments:** 45 (uses bulk-memory `DataCount`)
* **Obfuscation:** ChaCha20 string encryption; debug/name section stripped
* **Host required:** JavaScript runtime (Node.js / browser) via `syscall/js` bridge

The toolchain fingerprint is distinctive. The import table contains the TinyGo `gojs` bridge and the runtime tick functions, and the export table contains TinyGo's asyncify-based goroutine scheduler:

```
# Imports (wasm-objdump -j Import -x) — 17 total
wasi_snapshot_preview1.proc_exit
wasi_snapshot_preview1.fd_write
wasi_snapshot_preview1.random_get
gojs.runtime.ticks
gojs.runtime.sleepTicks
gojs.syscall/js.valueGet
gojs.syscall/js.valueCall
gojs.syscall/js.valueInvoke
gojs.syscall/js.valueNew
gojs.syscall/js.valueSet
(+ valueSetIndex, valueIndex, valueLength, stringVal, valuePrepareString, valueLoadString, finalizeRef)

# Exports (wasm-objdump -j Export -x)
_start, malloc, free, calloc, realloc, resume, go_scheduler,
asyncify_start_unwind, asyncify_stop_rewind, asyncify_start_rewind,
asyncify_stop_unwind, asyncify_get_state, ...
```

The presence of the `gojs.syscall/js.*` imports (rather than a pure WASI surface) is the key behavioral fact: this module **cannot perform any I/O on its own.** It has no network or filesystem syscalls. Everything it does — fetching from the network, spawning processes — is delegated to the JavaScript host through `valueCall` / `valueInvoke` / `valueNew`. The `.wasm` is the obfuscated logic core; a loader script (the TinyGo `wasm_exec.js` glue plus an invocation shim) is the required other half.

## Obfuscation Analysis

The single most important static observation is **what is missing**. A full-file sweep for network i
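The import and export tables listed under the toolchain fingerprint above are what `wasm-objdump` prints. As an added example that is not part of the Socket report, the following Python script reads those sections directly out of a `.wasm` file and reports the same traits: the `gojs.syscall/js.*` host bridge, WASI imports, the asyncify `go_scheduler` exports, and whether the custom `name` section is present or stripped. The sample module it builds is constructed for this example and only mimics the shape of the real tables; to triage a real file, call `fingerprint(open(path, "rb").read())`.

```python
# Added example (not from the Socket report): a minimal WebAssembly section walker
# that reads the Import and Export sections and reports the TinyGo js/wasm traits.
MAGIC, VERSION = b"\0asm", b"\x01\x00\x00\x00"
def read_u32(buf: bytes, pos: int) -> tuple:
    """Decode an unsigned LEB128 integer at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def read_name(buf: bytes, pos: int) -> tuple:
    n, pos = read_u32(buf, pos)                 # length-prefixed UTF-8 name
    return buf[pos:pos + n].decode("utf-8"), pos + n

def sections(buf: bytes):
    """Yield (section_id, body) for every section after the 8-byte header."""
    if buf[:4] != MAGIC or buf[4:8] != VERSION:
        raise ValueError("not a WebAssembly v1 (MVP) module")
    pos = 8
    while pos < len(buf):
        size, start = read_u32(buf, pos + 1)
        yield buf[pos], buf[start:start + size]
        pos = start + size

def parse_imports(body: bytes) -> list:
    """Return (module, field) pairs from an Import section body."""
    count, pos = read_u32(body, 0)
    imports = []
    for _ in range(count):
        module, pos = read_name(body, pos)
        field, pos = read_name(body, pos)
        kind, pos = body[pos], pos + 1
        if kind == 0x00:                        # func: type index
            pos = read_u32(body, pos)[1]
        elif kind in (0x01, 0x02):              # table (reftype byte first) or memory: limits
            pos += 1 if kind == 0x01 else 0
            flags, pos = body[pos], read_u32(body, pos + 1)[1]
            if flags & 1:
                pos = read_u32(body, pos)[1]    # optional max
        elif kind == 0x03:                      # global: valtype + mutability bytes
            pos += 2
        else:
            raise ValueError(f"unknown import kind 0x{kind:02x}")
        imports.append((module, field))
    return imports

def parse_exports(body: bytes) -> list:
    """Return export names from an Export section body."""
    count, pos = read_u32(body, 0)
    names = []
    for _ in range(count):
        name, pos = read_name(body, pos)
        pos = read_u32(body, pos + 1)[1]        # skip kind byte, then index
        names.append(name)
    return names

def fingerprint(buf: bytes) -> dict:
    """Summarise the toolchain-relevant traits of a module."""
    imports, exports, named = [], [], False
    for sec_id, body in sections(buf):
        if sec_id == 0 and read_name(body, 0)[0] == "name":
            named = True                        # debug names survived the build
        elif sec_id == 2:
            imports = parse_imports(body)
        elif sec_id == 7:
            exports = parse_exports(body)
    gojs = any(m == "gojs" and f.startswith("syscall/js.") for m, f in imports)
    asyncify = "go_scheduler" in exports and any(e.startswith("asyncify_") for e in exports)
    return {
        "gojs_bridge": gojs,
        "wasi_imports": any(m.startswith("wasi_snapshot_preview1") for m, _ in imports),
        "asyncify_scheduler": asyncify,
        "name_section_stripped": not named,
        # JS bridge present => the module does no I/O itself; examine the loader script too.
        "tinygo_js_host": gojs and asyncify,
    }

# Constructed sample (assumption: shaped like the report's tables; not the real payload).
def leb(n: int) -> bytes:
    out = b""
    while n > 0x7F:
        out, n = out + bytes([n & 0x7F | 0x80]), n >> 7
    return out + bytes([n])

def name(s: str) -> bytes:
    return leb(len(s.encode())) + s.encode()
def section(sec_id: int, body: bytes) -> bytes:
    return bytes([sec_id]) + leb(len(body)) + body

def build_sample() -> bytes:
    imports = [("wasi_snapshot_preview1", "fd_write"), ("gojs", "runtime.ticks"),
               ("gojs", "syscall/js.valueCall"), ("gojs", "syscall/js.valueNew")]
    exports = ["_start", "malloc", "go_scheduler", "asyncify_start_unwind"]
    return (MAGIC + VERSION
            + section(1, leb(1) + b"\x60\x00\x00")              # one functype () -> ()
            + section(2, leb(len(imports)) + b"".join(
                name(m) + name(f) + b"\x00" + leb(0) for m, f in imports))
            + section(7, leb(len(exports)) + b"".join(
                name(e) + b"\x00" + leb(i) for i, e in enumerate(exports))))
```

The `tinygo_js_host` flag is the static counterpart of the behavioral point made above: a module that reaches the outside world only through `gojs.syscall/js.*` imports has nothing to execute on its own, so the triage cannot stop at the `.wasm`; the JavaScript loader that instantiates it is the other half to examine.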