Open VSX supply chain attack uses compromised development accounts to spread GlassWorm

Ravi Lakshmanan | February 2, 2026 | Developer tools/malware

Cybersecurity researchers have revealed details of a supply chain attack targeting the Open VSX registry. In this attack, an unknown attacker compromised legitimate developer resources and pushed malicious updates to downstream users.

“On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embedded the GlassWorm malware loader,” Socket security researcher Kirill Boychenko said in a report on Saturday.

“These extensions had previously been presented as legitimate developer utilities (some of which were first published over two years ago) and had accumulated over 22,000 Open VSX downloads in total before their malicious release.”

The supply chain security firm said the attack included the compromise of a developer’s public credentials, and the Open VSX security team assessed the incident as involving the use of either leaked tokens or other unauthorized access. The malicious versions have since been removed from Open VSX.


The identified extensions are listed below:

  • FTP/SFTP/SSH synchronization tools (oorzc.ssh-tools — version 0.5.1)
  • I18n tools (oorzc.i18n-tools-plus — version 1.6.8)
  • vscode mindmap (oorzc.mind-map — version 1.0.61)
  • scss to css (oorzc.scss-to-css-compile — version 1.3.4)
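A defender-side check for the versions listed above, as an added example that is not part of the original article or Socket's report: it reads each installed extension's `package.json` and reports any copy of the four named extensions. The extension directory paths are assumptions about where editors that can install from Open VSX keep per-user extensions; adjust them for your environment.

```python
"""Added example: find installed copies of the extension versions named in the article."""
import json
from pathlib import Path

# Extension IDs and malicious versions exactly as listed in the article.
FLAGGED = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}

# Assumed per-user extension directories (not taken from the article).
DEFAULT_ROOTS = [
    Path.home() / ".vscode-oss" / "extensions",  # VSCodium
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".cursor" / "extensions",
]


def read_manifest(ext_dir):
    """Return (extension id, version) from package.json, or None if unreadable."""
    try:
        meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        return f"{meta['publisher']}.{meta['name']}".lower(), str(meta["version"])
    except (OSError, ValueError, KeyError, TypeError):
        return None


def scan(roots=DEFAULT_ROOTS):
    """Return [(path, id, version, status)] for each installed extension in FLAGGED."""
    findings = []
    for root in roots:
        if not Path(root).is_dir():
            continue
        for ext_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
            manifest = read_manifest(ext_dir)
            if manifest is None or manifest[0] not in FLAGGED:
                continue
            ext_id, version = manifest
            # Exact match on the listed version; anything else is reported for review.
            status = "MALICIOUS_VERSION" if version == FLAGGED[ext_id] else "other_version"
            findings.append((str(ext_dir), ext_id, version, status))
    return findings


if __name__ == "__main__":
    for path, ext_id, version, status in scan():
        print(f"{status:18} {ext_id} {version}  {path}")
```

A `MALICIOUS_VERSION` hit means the host ran one of the listed releases and the credentials described later in the article should be treated as exposed; `other_version` only records that a different release of the same extension is installed.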

According to Socket, the poisoned version is designed to deliver loader malware associated with a known campaign called GlassWorm. This loader has built-in decryption and execution capabilities at runtime, and uses an increasingly weaponized technique called EtherHiding to obtain command and control (C2) endpoints and ultimately execute code designed to steal Apple macOS credentials and cryptocurrency wallet data.

At the same time, the malware detonates only after the compromised machine has been profiled and determined not to be using a Russian locale. This is a common pattern among malicious programs originating from or associated with Russian-speaking attackers, meant to avoid domestic prosecution.

The types of information collected by the malware include:

  • Data from Mozilla Firefox and Chromium-based browsers (logins, cookies, internet history, wallet extensions such as MetaMask)
  • Cryptocurrency wallet files (Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, TonKeeper)
  • iCloud Keychain database
  • Safari cookies
  • Data from Apple Notes
  • User documents in the Desktop, Documents, and Downloads folders
  • FortiClient VPN configuration files
  • Developer credentials (e.g. ~/.aws and ~/.ssh)

Targeting developer information poses significant risks as it exposes enterprise environments to potential cloud account compromise and lateral movement attacks.


“The payload contains routines to find and extract authentication material used in common workflows, such as inspecting npm settings for _authToken and referencing GitHub authentication artifacts that can provide access to private repositories, CI secrets, and release automation,” Boychenko said.

An important aspect of this attack is that it differs from previously observed manifestations of GlassWorm in that it leverages the compromised accounts of legitimate developers to distribute the malware. In previous examples, the attackers behind the campaign used typosquatting and brandjacking to upload and subsequently spread malicious extensions.

“Threat actors blend into normal developer workflows, hiding execution behind loaders that are encrypted and decrypted at runtime, and use Solana notes as dynamic dead drops to rotate staging infrastructure without republishing extensions,” Socket said. “These design choices reduce the value of static indicators and shift the defender’s advantage to behavioral detection and rapid response.”

