Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, where unknown threat actors compromised a legitimate developer account to distribute malicious updates through trusted extensions.
According to Socket security researcher Kirill Boychenko, on January 30, 2026, four well-established Open VSX extensions published by a developer identified as “oorzc” were updated with malicious versions embedding the GlassWorm malware loader. These extensions had long been considered legitimate developer utilities, with some first released more than two years ago, and had accumulated over 22,000 downloads before the malicious updates were pushed.
Socket stated that the incident stemmed from the compromise of the developer’s publishing credentials. The Open VSX security team assessed that the attackers likely used a leaked token or other unauthorized access method. All known malicious versions have since been removed from the Open VSX marketplace.
Affected Extensions Identified
The following extensions were confirmed to have been compromised:
- FTP/SFTP/SSH Sync Tool (oorzc.ssh-tools, version 0.5.1)
- I18n Tools (oorzc.i18n-tools-plus, version 1.6.8)
- vscode mindmap (oorzc.mind-map, version 1.0.61)
- scss to css (oorzc.scss-to-css-compile, version 1.3.4)
The poisoned releases were designed to deploy a loader malware linked to the GlassWorm campaign. Once activated, the loader decrypts and executes embedded code at runtime and uses a technique known as EtherHiding to dynamically retrieve command-and-control endpoints. The final payload is capable of stealing Apple macOS credentials and cryptocurrency wallet data.

Selective Execution and Data Theft Capabilities
Researchers observed that the malware only activates after profiling the infected system. Execution is aborted if the system appears to be configured for a Russian locale, a behavior commonly associated with malware linked to Russian-speaking threat actors seeking to avoid domestic legal consequences.
The GlassWorm payload is capable of harvesting a wide range of sensitive data, including:
- Mozilla Firefox and Chromium-based browser data, including logins, cookies, browsing history, and wallet extensions such as MetaMask
- Cryptocurrency wallet files from Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, and TonKeeper
- iCloud Keychain databases
- Safari browser cookies
- Apple Notes data
- User documents from Desktop, Documents, and Downloads directories
- FortiClient VPN configuration files
- Developer credentials such as AWS and SSH keys
The theft of developer-related credentials significantly increases risk, as it can enable cloud account compromise and lateral movement within enterprise environments.
Boychenko noted that the malware includes routines to extract authentication material commonly used in development workflows. This includes scanning npm configuration files for authentication tokens and collecting GitHub-related credentials that could grant access to private repositories, CI pipelines, secrets, and release automation systems.
A Shift in GlassWorm Distribution Tactics
A notable aspect of this campaign is the use of a compromised legitimate developer account to distribute malware. Previous GlassWorm-related activity relied heavily on typosquatting and brand impersonation to lure users into installing fraudulent extensions.
Socket researchers emphasized that the attackers deliberately blended into normal developer workflows, concealed execution behind encrypted loaders that decrypt at runtime, and used Solana blockchain memos as a dynamic dead drop mechanism. This approach allows the attackers to rotate staging infrastructure without republishing extensions, reducing the effectiveness of static indicators and forcing defenders to rely on behavioral detection and rapid response.
Update on Extension Availability
Secure Annex researcher John Tuckner later reported that three of the compromised extensions remained available for download as of February 2, 2026, at 6:30 a.m. UTC. These extensions have since been removed from Open VSX:
- oorzc.mind-map version 1.0.61
- oorzc.i18n-tools-plus version 1.6.8
- oorzc.scss-to-css-compile version 1.3.4
Tuckner cautioned that removal from the marketplace does not automatically uninstall the extensions from user editors. Victims may need to wait until the legitimate developer releases a newer, clean version to trigger an automatic update.
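Because marketplace removal leaves already-installed copies in place, the following Python script, an added example that is not code from Socket, Secure Annex or Open VSX, checks locally installed extension manifests against the four compromised IDs and versions listed above and also flags any other extension from the same publisher for review; the extension root paths and the sample manifests are assumptions.

```python
# Added example (editor's, not Socket/Secure Annex/Open VSX code): flag the
# compromised Open VSX releases above among locally installed extensions.
import json
from pathlib import Path
# Compromised (extension id, version) pairs exactly as listed in the article.
COMPROMISED = {
    ("oorzc.ssh-tools", "0.5.1"), ("oorzc.i18n-tools-plus", "1.6.8"),
    ("oorzc.mind-map", "1.0.61"), ("oorzc.scss-to-css-compile", "1.3.4"),
}
# Assumed extension roots for VS Code, VSCodium and remote-server installs.
EXTENSION_ROOTS = [Path.home() / d / "extensions"
                   for d in (".vscode", ".vscode-oss", ".vscode-server")]

def extension_id(pkg: dict) -> str:
    """'<publisher>.<name>' from a package.json manifest, lowercased."""
    return f"{pkg.get('publisher', '')}.{pkg.get('name', '')}".lower()

def classify(pkg: dict) -> str:
    """'compromised' for a listed version; 'same-publisher' for any other
    oorzc extension (the account was compromised, so review it); else 'ok'."""
    ext, ver = extension_id(pkg), str(pkg.get("version", ""))
    if (ext, ver) in COMPROMISED:
        return "compromised"
    return "same-publisher" if ext.startswith("oorzc.") else "ok"

def scan_manifests(manifests) -> list:
    """Return (id, version, status) for every manifest that is not 'ok'."""
    out = []
    for pkg in manifests:
        status = classify(pkg)
        if status != "ok":
            out.append((extension_id(pkg), str(pkg.get("version", "")), status))
    return out

def load_installed(roots=EXTENSION_ROOTS):
    """Yield parsed package.json manifests found one level below each root."""
    for root in roots:
        for manifest in (root.glob("*/package.json") if root.is_dir() else []):
            try:
                yield json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip it

# Constructed sample manifests (not real files) so the check runs offline.
SAMPLE = [{"publisher": "oorzc", "name": "mind-map", "version": "1.0.61"},
          {"publisher": "oorzc", "name": "ssh-tools", "version": "0.5.0"},
          {"publisher": "ms-python", "name": "python", "version": "2024.0.0"}]

if __name__ == "__main__":  # real install first, then the constructed sample
    for ext, ver, status in scan_manifests(load_installed()) + scan_manifests(SAMPLE):
        print(f"{status}: {ext}@{ver}")
```

A "compromised" hit means the editor is still running a poisoned build and should have the extension uninstalled and credentials (npm, GitHub, AWS, SSH) rotated, not merely updated.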