Open VSX Supply Chain Attack Exploits Developer Account to Distribute GlassWorm Malware
Cybersecurity experts have recently uncovered a significant supply chain attack targeting the Open VSX Registry, a platform widely used for distributing Visual Studio Code (VS Code) extensions. In this incident, unidentified attackers compromised a legitimate developer’s account to disseminate malicious updates, embedding the GlassWorm malware loader into popular extensions.
On January 30, 2026, four well-established Open VSX extensions authored by oorzc were found to have been updated with malicious versions containing the GlassWorm malware loader. These extensions, previously recognized as legitimate developer tools and collectively amassing over 22,000 downloads, include:
– FTP/SFTP/SSH Sync Tool (oorzc.ssh-tools — version 0.5.1)
– I18n Tools (oorzc.i18n-tools-plus — version 1.6.8)
– vscode mindmap (oorzc.mind-map — version 1.0.61)
– scss to css (oorzc.scss-to-css-compile — version 1.3.4)
The attackers gained access to the developer’s publishing credentials, likely through a leaked token or unauthorized access, allowing them to upload these tainted versions. The Open VSX security team has since removed the compromised extensions from the registry.
The GlassWorm malware loader embedded in these extensions is particularly insidious. It decrypts and executes malicious code at runtime, employing a technique known as EtherHiding to retrieve command-and-control (C2) endpoints. The primary objective is to steal sensitive information, including Apple macOS credentials and cryptocurrency wallet data.
Notably, the malware activates only after profiling the infected machine to ensure it does not have a Russian locale. This behavior is common among malware originating from Russian-speaking regions, aiming to evade domestic law enforcement.
The types of data targeted by the malware encompass:
– Data from Mozilla Firefox and Chromium-based browsers, including logins, cookies, internet history, and wallet extensions like MetaMask.
– Cryptocurrency wallet files from platforms such as Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, and TonKeeper.
– iCloud Keychain database.
– Safari cookies.
– Data from Apple Notes.
– User documents from Desktop, Documents, and Downloads folders.
– FortiClient VPN configuration files.
– Developer credentials, including ~/.aws and ~/.ssh files.
The targeting of developer credentials is particularly alarming, as it can lead to cloud account compromises and facilitate lateral movement within enterprise environments. The malware includes routines to locate and extract authentication materials used in common workflows, such as npm configuration for _authToken and GitHub authentication artifacts. This access can grant attackers entry to private repositories, continuous integration secrets, and release automation processes.
This attack marks a departure from previous GlassWorm campaigns, which typically relied on typosquatting and brandjacking to distribute malicious extensions. By compromising a legitimate developer’s account, the attackers have demonstrated a more sophisticated approach to infiltrating the supply chain.
The threat actors have seamlessly integrated into normal developer workflows, concealing execution behind encrypted, runtime-decrypted loaders. They utilize Solana memos as dynamic dead drops to rotate staging infrastructure without the need to republish extensions. These tactics diminish the effectiveness of static indicators, shifting the advantage toward behavioral detection and rapid response.
Update:
As of February 2, 2026, three of the aforementioned extensions were still available for download. They have since been removed from Open VSX. However, users who have already installed these extensions will need to wait until the legitimate developer publishes new, higher versions to trigger an auto-update. Even with the extensions removed from the marketplace, they will not uninstall from editors automatically.
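Because a removed extension stays installed, a local check is the practical way to find the tainted versions. The following script is an added example (not from the original report, Open VSX, or the extension author) that scans editor extension folders for the exact compromised versions listed above; it assumes the standard per-user extension directories of VS Code and VSCodium and a package.json in each extension folder.

```python
import json
import tempfile
from pathlib import Path

# Compromised extension IDs with the malicious versions named in the article;
# later versions republished by the legitimate developer are expected clean.
COMPROMISED = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}

# Assumed per-user extension folders for VS Code and VSCodium (an Open VSX client).
DEFAULT_DIRS = [Path.home() / ".vscode/extensions", Path.home() / ".vscode-oss/extensions"]


def find_compromised(extensions_dir):
    """Return (extension_id, version, folder) for every installed copy of a
    malicious version; each extension folder carries its own package.json."""
    hits = []
    root = Path(extensions_dir)
    for folder in (root.iterdir() if root.is_dir() else []):
        manifest = folder / "package.json"
        if not manifest.is_file():
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable manifest: skip it rather than abort the scan
        ext_id = f"{meta.get('publisher', '')}.{meta.get('name', '')}".lower()
        if COMPROMISED.get(ext_id) == str(meta.get("version", "")):
            hits.append((ext_id, meta["version"], str(folder)))
    return hits


def make_sample_dir():
    """Constructed sample: a tainted copy, a later clean copy and an unrelated extension."""
    base = Path(tempfile.mkdtemp())
    for pub, name, ver in [("oorzc", "mind-map", "1.0.61"),
                           ("oorzc", "mind-map", "1.0.70"), ("other", "tool", "2.0.0")]:
        (base / f"{pub}.{name}-{ver}").mkdir()
        (base / f"{pub}.{name}-{ver}" / "package.json").write_text(
            json.dumps({"publisher": pub, "name": name, "version": ver}))
    return base


if __name__ == "__main__":
    for d in DEFAULT_DIRS:
        for ext_id, ver, path in find_compromised(d):
            print(f"COMPROMISED: {ext_id} {ver} at {path}")
```

A hit means the folder should be deleted by hand and the credentials listed earlier (browser logins, wallets, ~/.aws, ~/.ssh, npm and GitHub tokens) treated as exposed.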