A brand new GlassWorm-linked provide chain assault abusing the Open VSX Registry, this time by way of a suspected compromise of a legit writer’s credentials somewhat than typosquatted packages.
The Open VSX safety staff assessed the exercise as per leaked tokens or different unauthorized entry to the publishing pipeline, underscoring how stolen developer credentials might be weaponized to push malicious updates by trusted channels.
On January 30, 2026, 4 long-standing Open VSX extensions maintained underneath the “oorzc” namespace obtained malicious updates embedding the GlassWorm malware loader.
These extensions FTP/SFTP/SSH Sync Software (v0.5.1), I18n Instruments (v1.6.8), vscode mindmap (v1.0.61), and scss to css (v1.3.4) had beforehand operated as legit utilities for greater than two years and collectively amassed over 22,000 downloads on Open VSX previous to the poisoned releases.
Whereas Open VSX exhibits rounded “Okay” values in its UI, Socket’s evaluation of the underlying counts confirms the mixed whole exceeds 22,000 downloads, highlighting the potential publicity amongst builders.
oorzc namespace with 4 revealed extensions (Supply : Socket).The assault chain hinges on a staged loader launched within the newest malicious variations throughout all 4 extensions.
Malicious VSX Packages Found
Every .vsix file accommodates an almost equivalent loader in extension.js that makes use of AES-256-CBC to decrypt an embedded hex-encoded blob after which instantly executes the decrypted content material with eval at runtime.
This design hides the true payload from static inspection, with the important logic solely materializing in reminiscence.
Stage 1 of this decrypted payload performs atmosphere checks to keep away from infecting Russian-language and Russia-adjacent programs, utilizing locale, time zone, and UTC offset indicators as crude geofencing.
Techniques that match Russian indicators are skipped solely, reflecting typical prison OPSEC concerns.
If the host passes these checks, Stage 1 then turns to an uncommon command-and-control mechanism: it resolves its next-stage configuration from Solana blockchain transaction memos.
As a substitute of hardcoding C2 domains, GlassWorm makes use of on-chain memos as a dynamic “useless drop,” permitting the attacker to rotate infrastructure with out republishing the extension.
As soon as the C2 pointer is obtained, the loader focuses its execution path on macOS programs, explicitly checking for Darwin earlier than triggering Stage 2.
That subsequent stage, carried out as a Node.js JavaScript implant, is tailor-made for knowledge theft and persistence on macOS developer endpoints.
Stage 2 creates a working listing underneath /tmp/ijewf, aggregates a variety of delicate artifacts, compresses them into /tmp/out.zip, and exfiltrates the archive to hardcoded IP-based endpoints by way of curl.
The gathering scope is broad: browser cookies, login databases, and type historical past from Chromium-based and Firefox-family browsers, wallet-extension knowledge akin to MetaMask, desktop cryptocurrency pockets information (together with Electrum, Exodus, Atomic, Ledger Reside, Trezor Suite, Binance, and TonKeeper), macOS keychain databases, Apple Notes knowledge, Safari cookies, FortiClient VPN configurations, and focused paperwork from Desktop, Paperwork, and Downloads.
Open-Supply Ecosystem Exploited
Critically, the implant additionally harvests developer-related secrets and techniques, together with ~/.aws credentials and config, and ~/.ssh keys, known_hosts, and configuration information, elevating the chance of cloud account takeover and lateral motion inside enterprise environments.
The payload goes additional by searching for tokens and secrets and techniques utilized in frequent developer workflows. It inspects npm configuration for _authToken values and exhibits conduct per npm token discovery and validation, whereas additionally referencing GitHub authentication artifacts.
Compromised GitHub and npm tokens may permit attackers to hijack personal repositories, entry CI secrets and techniques, poison builds, or push tampered releases downstream, extending the blast radius effectively past a single workstation.
This newest exercise marks a notable evolution from earlier GlassWorm campaigns first reported in October 2025, which leaned closely on typosquatting and brandjacking of fashionable extensions.
In distinction, the present incident abuses a longtime writer account with a multi-year historical past and significant adoption indicators.
The identical “oorzc” writer additionally maintains Visible Studio Market listings with hundreds of installs, reinforcing that the actor focused a trusted id somewhat than fabricating a brand new one.
oorzc on Visible Studio Market (Visible Studio Code) itemizing 4 extensions (Supply : Socket).Socket’s findings concentrate on the Open VSX ecosystem, and there’s no indication on this report that the Visible Studio Market listings themselves had been compromised.
After Socket’s January 30, 2026 disclosure, the Eclipse Basis / Open VSX Registry safety staff moved rapidly.
They eliminated the malicious releases, deactivated two Open VSX tokens related to the writer, and, attributable to repeated malware hits and quite a few variations, eliminated all variations of oorzc.ssh-tools from the registry and positioned it on the Open VSX malware listing, whereas preserving earlier clear variations of the opposite three extensions.
The response illustrates each the pace and the boundaries of registry-side defenses: as soon as developer credentials are stolen, trusted distribution paths might be abused till the compromise is detected and tokens are revoked.
Observe us on Google Information, LinkedIn, and X to Get Immediate Updates and Set GBH as a Most popular Supply in Google.
