On January 30, 2026, the Open VSX Registry was the target of a supply chain attack. This article examines the malware the compromised extensions carried. Attackers compromised the publishing credentials of the developer behind the "oorzc" account.

As a result, they were able to distribute malicious versions of four genuine VS Code extensions. With a combined total of over 22,000 downloads, these tools had built up trust over the years. On the surface, the extensions appeared innocuous: they provided internationalization helpers, mind mapping, SCSS compilation, and FTP/SFTP sync.

However, later versions concealed a GlassWorm malware loader. Open VSX assessed the cause as either unauthorized access or leaked tokens. Socket notified the Eclipse Foundation and the maintainer, who swiftly removed the malicious versions, blacklisted one extension, and revoked the tokens.

This attack marks an escalation in GlassWorm's tactics. Earlier waves relied on typosquatting; here, attackers took over a well-known publisher.

The same "oorzc" account also publishes clean extensions with thousands of installs on the Visual Studio Marketplace. This demonstrates how a trusted identity amplifies an attacker's reach.

Details of the Attack Chain and Payload

The malware uses a staged loader embedded in the extension. Stage 0 decrypts a hex blob with AES-256-CBC, using an IV and a hardcoded key ("wDO6YyTm6DL0T0zJ0SXhUql5Mo0pdlSz"), and passes the result to eval(). Stage 1 examines the environment and bails out on Russian systems, identified by a locale such as "ru_RU", the Moscow timezone, or a UTC offset of 2–12 hours. If the check is clear, it retrieves C2 data from a Solana transaction memo at address BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC.

This dynamic dead drop lets attackers change C2 servers without republishing the extension. On macOS (os.platform() == "darwin"), the loader retrieves Stage 2, a Node.js script that carries out the data theft.

Targets of key theft:

Extension                    Malicious version   Open VSX downloads   Key theft targets
oorzc.ssh-tools              v0.5.1              ~17,000              GitHub artifacts, npm tokens, SSH keys (~/.ssh), AWS credentials (~/.aws)
oorzc.i18n-tools-plus        v1.6.8              ~3,600               MetaMask data, browser cookies (Chrome/Firefox), cryptocurrency wallets (Electrum, Exodus)
oorzc.mind-map               v1.0.61             ~3,200               Safari cookies, Apple Notes, Keychain DB, FortiClient VPN configurations
oorzc.scss-to-css-compile    v1.3.4              ~1,300               Ledger Live/Trezor/Binance wallets, desktop/document files

Stage 2 stages the collected files in /tmp/ijewf. It gathers wallet files (Atomic, TonKeeper), browser data (cookies, logins, history), keychains, Notes databases, and documents from Desktop and Downloads. The developer focus matters: AWS and SSH configurations enable jumps into cloud environments, while npm and GitHub tokens put repositories at risk of takeover and CI abuse.

After zipping the data to /tmp/out.zip.2, it exfiltrates it with curl to 45.32.150.251 (/p2p, /2p). A LaunchAgent plist (~/Library/LaunchAgents/com.user.nodestart.plist) provides persistence, relaunching the payload at login.

GlassWorm has affected Open VSX since October 2025. Although early reports described "invisible" code tricks, encrypted loaders are now the delivery mechanism. It's credential chaining, not actual worming.

Steps for Protection and Reaction

Eclipse praised the coordination and moved quickly. Socket links this campaign to thirteen earlier GlassWorm extensions.

Users: remove the listed extensions and clean up the artifacts. On macOS, inspect LaunchAgents and /tmp/ijewf. Rotate everything: GitHub/npm tokens first, then AWS/SSH keys. Check repositories for unexpected commits.

Prevent: use the Socket browser extension to flag risky packages, the Socket CLI during installs, and the Socket GitHub app for PR scans. Gate Open VSX updates; prefer the Visual Studio Marketplace.
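The host triage described above, as an added example that is not Socket's or Open VSX's own tooling: it checks a macOS workstation for the four malicious oorzc versions, the com.user.nodestart.plist LaunchAgent, and the /tmp/ijewf staging directory. The extension install roots (~/.vscode/extensions and ~/.vscode-oss/extensions, with directories named publisher.name-version) are assumptions about the local layout.

```python
"""Triage a workstation for the GlassWorm indicators named in the report."""
from pathlib import Path

# Malicious versions named in the report (publisher.name -> version).
MALICIOUS_VERSIONS = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}
PERSISTENCE_PLIST = Path("Library/LaunchAgents/com.user.nodestart.plist")
STAGING_DIR = "ijewf"
# Assumed install roots: VS Code and Open VSX based builds (VSCodium etc.).
EXT_ROOTS = (Path(".vscode/extensions"), Path(".vscode-oss/extensions"))


def scan_extensions(ext_root: Path) -> list[str]:
    """Flag installed oorzc extensions; exact bad versions are MALICIOUS,
    any other version from the compromised publisher is flagged for REVIEW."""
    findings = []
    if not ext_root.is_dir():
        return findings
    for entry in sorted(ext_root.iterdir()):
        for ext_id, bad_ver in MALICIOUS_VERSIONS.items():
            if not entry.name.startswith(ext_id + "-"):
                continue
            # Directory name is publisher.name-version[-target]; take version.
            installed = entry.name[len(ext_id) + 1:].split("-")[0]
            label = "MALICIOUS" if installed == bad_ver else "REVIEW"
            findings.append(f"{label} {ext_id} {installed} at {entry}")
    return findings


def scan_host(home: Path, tmp: Path = Path("/tmp")) -> list[str]:
    """Return all findings for one user home plus the temp directory."""
    findings = []
    for root in EXT_ROOTS:
        findings.extend(scan_extensions(home / root))
    plist = home / PERSISTENCE_PLIST
    if plist.exists():
        findings.append(f"PERSISTENCE LaunchAgent present: {plist}")
    staging = tmp / STAGING_DIR
    if staging.exists():
        findings.append(f"STAGING directory present: {staging}")
    return findings


if __name__ == "__main__":
    for line in scan_host(Path.home()) or ["no GlassWorm indicators found"]:
        print(line)
```

A REVIEW hit is not proof of compromise; it marks an extension from the taken-over publisher that should be checked against the clean versions before use.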

Development tools are a genuine supply chain risk. Once credentials are stolen, a developer workstation becomes an enterprise-wide threat.