Details of a supply chain attack that targeted the Open VSX Registry have been made public by cybersecurity researchers. In this attack, unknown threat actors gained access to a legitimate developer's resources in order to distribute malicious updates to users downstream. In a report published on Saturday, Socket security researcher Kirill Boychenko stated, "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm malware loader."
Before the malicious releases, "these extensions had been presented as legitimate developer utilities (some first published more than two years ago) and collectively accumulated over 22,000 Open VSX downloads." According to the supply chain security company, the attack involved the compromise of the developer's publishing credentials; the Open VSX security team assessed the incident as involving either a leaked token or other unauthorized access. Open VSX has since removed the malicious versions.
The affected extensions are FTP/SFTP/SSH Sync Tool (oorzc.ssh-tools — version 0.5.1), I18n Tools (oorzc.i18n-tools-plus — version 1.6.8), vscode mindmap (oorzc.mind-map — version 1.0.61), and scss to css (oorzc.scss-to-css-compile — version 1.3.4). According to Socket, the poisoned versions are intended to deliver loader malware linked to the well-known GlassWorm campaign. The loader decrypts and runs embedded payloads at runtime, retrieves command-and-control (C2) endpoints through an increasingly weaponized technique called EtherHiding, and then executes code designed to steal cryptocurrency wallet data and Apple macOS credentials.
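A local audit a defender can run against the list above, as an added example that is not part of the article or of Socket's tooling: it walks the extension directories, reads each extension's package.json, and flags an exact match of a malicious version as compromised, and any other version of the same four extension IDs as needing review, because the publisher's credentials were compromised. The directory locations are assumed VS Code and VSCodium defaults; the extension IDs and versions are those named in the article.

```python
import json
from pathlib import Path

# Extension IDs and malicious versions as listed in the article.
COMPROMISED = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}

# Assumed default install roots for VS Code and VSCodium on a workstation.
DEFAULT_ROOTS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".vscode-oss" / "extensions",
]


def read_manifest(manifest):
    """Return (extension_id, version) from a package.json, or None if it cannot be parsed."""
    try:
        data = json.loads(Path(manifest).read_text(encoding="utf-8"))
        return f"{data['publisher']}.{data['name']}".lower(), str(data["version"])
    except (OSError, ValueError, KeyError):
        return None


def audit_extensions(roots):
    """Scan each root for installed extensions; return (path, id, version, verdict) findings."""
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():  # missing root: nothing installed there
            continue
        for manifest in root.glob("*/package.json"):
            parsed = read_manifest(manifest)
            if parsed is None:
                continue
            ext_id, version = parsed
            if ext_id in COMPROMISED:
                # Exact malicious version -> COMPROMISED; any other release of an
                # extension from the compromised account -> REVIEW before trusting it.
                verdict = "COMPROMISED" if version == COMPROMISED[ext_id] else "REVIEW"
                findings.append((str(manifest.parent), ext_id, version, verdict))
    return findings


if __name__ == "__main__":
    for path, ext_id, version, verdict in audit_extensions(DEFAULT_ROOTS):
        print(f"{verdict}: {ext_id} {version} at {path}")
```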
At the same time, the malware detonates only after profiling the compromised machine and determining that it does not use a Russian locale, a pattern commonly observed in malware originating from or affiliated with Russian-speaking threat actors seeking to avoid domestic prosecution.
The malware gathers data from Mozilla Firefox and Chromium-based browsers (logins, cookies, browsing history, and wallet extensions such as MetaMask) and cryptocurrency wallet files (Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, and TonKeeper). It also collects the iCloud Keychain database, Safari cookies, Apple Notes, user documents from the Desktop, Documents, and Downloads folders, FortiClient VPN configuration files, and developer credentials (such as ~/.aws and ~/.ssh). The targeting of developer credentials is especially serious because it exposes enterprise environments to cloud account compromise and lateral movement.
"The payload includes routines to locate and extract authentication material used in common workflows, including inspecting npm configuration for _authToken and referencing GitHub authentication artifacts, which can provide access to private repositories, CI secrets, and release automation," Boychenko said. A notable aspect of this attack is that it departs from previously observed GlassWorm activity by using a compromised account belonging to a legitimate developer to distribute the malware. The campaign's operators have previously relied on brandjacking and typosquatting to upload fraudulent extensions.
According to Socket, "the threat actor uses Solana memos as a dynamic dead drop to rotate staging infrastructure without republishing extensions, blends into regular developer workflows, and conceals execution behind encrypted, runtime-decrypted loaders."
"These design choices reduce the value of static indicators and shift defender advantage toward behavioral detection and rapid response."