Malicious VS Code Extensions Removed After Credential Theft in Crypto Theft

A recent discovery of malicious VS Code extensions has led to the removal of these potentially harmful tools, which cybercriminals used to steal crypto and GitHub credentials. The GlassWorm campaign, a sophisticated malware operation, is believed to have affected 49 cryptocurrency wallet extensions, resulting in financial losses for users. Cybersecurity experts at Koi Security identified the malicious extensions in October 2025 and promptly took action to mitigate immediate threats. Their discovery exposed vulnerabilities within the VS Code extension ecosystem and highlighted the critical need for enhanced supply-chain security measures within the digital economy.