Open Source · 2026-03-12 · 1 day · Credential Theft

Quartz extension hid Glassworm payload

Part of the "Glassworm hid credential theft in Unicode" campaign

quartz.quartz-markdown-editor 0.3.0 carried Glassworm's invisible Unicode loader. The VS Code extension was part of the March 2026 multi-ecosystem wave.

Story

On March 12, 2026, a VS Code Marketplace extension called quartz.quartz-markdown-editor published version 0.3.0 carrying a payload no reviewer could see. Aikido, which catalogued the release the next day, said the extension was the Marketplace face of a fresh Glassworm wave that also reached more than 150 GitHub repositories and a pair of npm packages, a sign the campaign was no longer confined to any single registry.

The technique was familiar from earlier Glassworm samples. Executable bytes were encoded into invisible Unicode variation selectors so that the JavaScript on screen read as a harmless empty string. At runtime a loader decoded the hidden characters and passed the result to eval(). Earlier Glassworm stages fetched follow-on code through Solana-based dead drops and targeted tokens, cloud credentials, and other developer secrets.
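A defender-side check for the pattern described above, added here as an example and not taken from the extension, Aikido's tooling, or this record's source: it flags runs of Unicode variation selectors (U+FE00 to U+FE0F and U+E0100 to U+E01EF) in source text and raises severity when the same file calls eval(). The function names, the run threshold, and both sample strings are assumptions constructed for illustration.

```javascript
// Added example: locate runs of invisible variation selectors in source text.
// The two ranges are the Unicode "Variation Selectors" blocks.
const isVariationSelector = (cp) =>
  (cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef);

// Assumption: legitimate text (emoji presentation, CJK variants) places one
// selector after a visible base character, so a run of 2+ deserves review.
const MIN_RUN = 2;

function findSelectorRuns(text, minRun = MIN_RUN) {
  const findings = [];
  let line = 1, col = 1, run = null;
  const flush = () => {
    if (run && run.length >= minRun) findings.push(run);
    run = null;
  };
  for (const ch of text) {            // iterates by code point, not UTF-16 unit
    if (isVariationSelector(ch.codePointAt(0))) {
      if (!run) run = { line, col, length: 0 };
      run.length += 1;
    } else {
      flush();
    }
    if (ch === "\n") { line += 1; col = 1; } else { col += 1; }
  }
  flush();
  return findings;
}

// Hidden data plus an eval() call in the same file is the combination the
// loader described above needs; hidden data alone is still worth a look.
function assess(text) {
  const runs = findSelectorRuns(text);
  const hidden = runs.reduce((n, r) => n + r.length, 0);
  const sink = /\beval\s*\(/.test(text);
  const severity = hidden === 0 ? "clean" : sink ? "high" : "review";
  return { runs, hidden, sink, severity };
}

// Constructed samples (not bytes from the real extension): four arbitrary
// selectors inside a template literal, and a normal single emoji selector.
const hiddenRun = String.fromCodePoint(0xfe01, 0xe0101, 0xe0155, 0xfe0f);
const SUSPICIOUS = "const s = `" + hiddenRun + "`;\neval(decode(s));\n";
const BENIGN = "const heart = '\u2764\uFE0F'; // single emoji selector\n";

console.log(assess(SUSPICIOUS), assess(BENIGN).severity);
```

Columns are counted in code points, so the reported position matches what a hex or code-point view of the file shows rather than what the editor renders.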

This record covers the VS Code extension artifact. The shared technique, the March 3-9 GitHub repository compromises, and the npm spread are tracked under [[glassworm-march-2026]].

The extension channel made the attack especially quiet. A developer could receive the compromised version through the normal Marketplace update path, then run the hidden JavaScript inside an editor session that already had workspace files, shell state, and project credentials nearby.

Affected Artifacts

quartz.quartz-markdown-editor

vscode · Extension
Observed: 2026-03-12 to 2026-03-13
Compromised Versions:
  • 0.3.0
Fixed: Not listed
Evidence: technique: invisible_unicode_loader, package: quartz.quartz-markdown-editor

Incident Context

Motive: Credential Theft
Attribution: Group
Cause: Malicious Injection
Transitive: No
Actor: Third Party

External References

Source record: oss/attacks/quartz-markdown-editor/meta.yaml