Threat actors compromised the Open VSX Registry on January 30, 2026, pushing malicious updates to four trusted VS Code extensions with over 22,000 combined downloads. The attack targeted macOS developers through extensions that had been considered safe for more than two years.
Security researchers from Socket identified the supply chain breach, which involved hijacking the legitimate developer account "oorzc." The compromised extensions included FTP/SFTP/SSH Sync Tool, I18n Tools, vscode mindmap, and scss to css. These tools had established trust within the development community before the January 30 compromise.
The GlassWorm malware loader activates only on macOS systems, explicitly excluding machines with Russian-language locales. This targeting pattern suggests Russian-speaking threat actors behind the campaign, according to multiple security reports.
Once installed, the malware establishes persistence through a LaunchAgent that runs at every user login.
GlassWorm steals credentials, cryptocurrency wallet information, browser data, and sensitive developer configuration files. The malware harvests data from Mozilla Firefox, Chromium-based browsers, and the iCloud Keychain database. It also targets AWS and SSH credentials, increasing the risk of account compromise and lateral movement.
The attack uses Solana blockchain transaction memos for command-and-control resolution, allowing attackers to rotate infrastructure without pushing new malicious updates. This technique reduces reliance on static indicators and makes traditional detection methods less effective, security researchers noted.
Open VSX, an open-source alternative to Microsoft's Visual Studio Marketplace, serves more than 10 million developers according to security professionals. The registry's security team assessed the incident as involving leaked tokens or unauthorized publishing access, removed the malicious releases, and revoked the compromised publishing credentials.
Socket's security research team detected the anomalous behavior within 24 hours of the malicious publications. The Open VSX security team confirmed unauthorized activity and deactivated the publisher's two Open VSX tokens. Three of the affected extensions remained available for download as of February 2, 2026, before complete removal.
Developers who installed the affected versions should manually uninstall the extensions from their editors, since removal from the marketplace doesn't trigger automatic uninstallation. Security experts recommend reviewing installed extensions and implementing stricter extension management policies within development environments.
The GlassWorm campaign represents a significant escalation in Open VSX supply chain abuse, blending into normal developer workflows and hiding execution behind encrypted, runtime-decrypted loaders. The operation shows advanced persistence techniques and careful targeting that makes detection difficult even for experienced security professionals.