According to cybersecurity firm Socket, the Open VSX Registry (the open-source alternative to Microsoft's VS Code extension marketplace) was hit by a supply chain compromise on January 30, 2026. Threat actors pushed malicious updates to four long-standing extensions from the publisher "oorzc", which had been available for over two years and had more than 22,000 legitimate downloads between them, embedding malware in what looked like routine new versions of those extensions.
The affected extensions include:
1. FTP/SFTP/SSH Sync Tool (oorzc.ssh-tools, version 0.5.1)
2. I18n Tools (oorzc.i18n-tools-plus, version 1.6.8)
3. vscode mindmap (oorzc.mind-map, version 1.0.61)
4. scss to css (oorzc.scss-to-css-compile, version 1.3.4)
Researchers believe the attack stemmed from stolen publishing credentials, likely a leaked token or similar unauthorized access, rather than any flaw in Open VSX itself. The poisoned updates have been yanked, but the incident highlights how even trusted developer accounts can become unwitting malware delivery vehicles.
What makes these updates nasty is the GlassWorm loader they embed. GlassWorm has appeared in several waves since late 2025, and the current version has matured: instead of typosquatting or phishing users with fake add-ons, it abuses real, established developer identities, so the malicious update arrives through a channel users already trust.
This version hides its command-and-control (C2) locations in the memo fields of Ethereum and Solana blockchain transactions, a dead-drop technique: the loader reads the memo at runtime and decrypts its contents only on the victim's machine, so the full C2 location never appears in the published extension and cannot be recovered simply by inspecting the package.
It only fully activates after checking the system's locale, skipping anything set to Russian to dodge potential legal heat back home, a classic tell for Russian-speaking cybercrime crews.
Once running on a Mac (its primary target here), GlassWorm goes after a laundry list of sensitive stuff:
1. Browser data from Firefox and Chromium-based ones (logins, cookies, history, plus wallet extensions like MetaMask)
2. Cryptocurrency wallet application data: Electrum, Exodus, Atomic Wallet, Ledger Live, Trezor Suite, Binance and Tonkeeper.
3. The iCloud Keychain database.
4. Safari cookies.
5. The on-device Apple Notes database.
6. Files from the user's Desktop, Documents and Downloads folders.
7. FortiClient VPN configuration files.
8. Developer secrets: AWS credentials from ~/.aws, SSH keys from ~/.ssh, npm auth tokens and GitHub credentials.
That last bit is particularly worrisome for teams: compromised dev creds can lead to private repo access, stolen CI/CD secrets, or even cloud account takeovers and lateral movement in corporate environments.
Socket points out that this version of GlassWorm blends into normal developer workflows: encrypted loaders, dynamic infrastructure rotation via the blockchain, and no static IOCs that can simply be blocked. That shifts the defensive burden toward spotting odd behaviour (unexpected network calls, unusual file access) and fast incident response.
If you use Open VSX extensions (especially in VS Code-based editors on macOS), it's worth a quick audit: compare installed versions against the four listed above, revoke any tokens the malware could have reached (AWS, SSH, npm, GitHub), enable multi-factor authentication wherever possible, and consider behavioural monitoring tools. Supply chain hits like this are a reminder that trust in third-party code is fragile, even when the publisher seems rock-solid.
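As an added example (not Socket's tooling, nor anything from the article itself), here is a small Python audit script that walks a local extensions directory and flags the four oorzc versions named above. It relies on the standard on-disk layout VS Code and VSCodium use for extensions, a directory per extension containing a package.json with publisher, name and version; the default paths in DEFAULT_EXT_DIRS and the demo's fake extension tree are assumptions constructed for illustration, so adjust the paths to your machine.

```python
"""Audit locally installed VS Code / VSCodium extensions for the four
malicious oorzc extension versions from the Open VSX compromise.

Added example for this article, not Socket's tooling. The version list
comes from the article; the directory layout (<publisher>.<name>-<version>/
package.json) is the standard one used by VS Code and VSCodium; the
default paths below are assumptions and may differ on your machine.
"""
import json
import tempfile
from pathlib import Path

# Known-bad (publisher, name, version) triples taken from the article.
MALICIOUS = {
    ("oorzc", "ssh-tools", "0.5.1"),
    ("oorzc", "i18n-tools-plus", "1.6.8"),
    ("oorzc", "mind-map", "1.0.61"),
    ("oorzc", "scss-to-css-compile", "1.3.4"),
}

# Assumption: common default extension locations on a developer machine.
DEFAULT_EXT_DIRS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".vscode-oss" / "extensions",  # VSCodium and other Open VSX clients
]


def read_extension(ext_dir: Path):
    """Return (publisher, name, version) for one extension directory, or None
    if it has no readable package.json (e.g. stray files or partial installs)."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    pub = str(data.get("publisher", "")).lower()
    name = str(data.get("name", "")).lower()
    ver = str(data.get("version", ""))
    if not (pub and name and ver):
        return None
    return (pub, name, ver)


def audit(ext_root: Path):
    """Classify extensions under ext_root.

    'malicious': exact version matches from MALICIOUS.
    'review':    any other oorzc version; the account was hijacked, so
                 these deserve a manual look even though they are not in
                 the published bad list.
    """
    result = {"malicious": [], "review": []}
    if not ext_root.is_dir():
        return result
    for ext_dir in sorted(ext_root.iterdir()):
        info = read_extension(ext_dir)
        if info is None:
            continue
        if info in MALICIOUS:
            result["malicious"].append(info)
        elif info[0] == "oorzc":
            result["review"].append(info)
    return result


def build_demo_tree():
    """Constructed sample input: a fake extensions directory so the script
    can be exercised offline. Returns the temporary root path."""
    root = Path(tempfile.mkdtemp(prefix="ext-audit-demo-"))
    samples = [
        ("oorzc", "ssh-tools", "0.5.1"),      # one of the four bad versions
        ("oorzc", "mind-map", "1.0.60"),      # same publisher, other version
        ("ms-python", "python", "2024.1.0"),  # unrelated extension
    ]
    for pub, name, ver in samples:
        d = root / f"{pub}.{name}-{ver}"
        d.mkdir()
        (d / "package.json").write_text(
            json.dumps({"publisher": pub, "name": name, "version": ver}), encoding="utf-8"
        )
    (root / "junk").mkdir()  # directory without a manifest must be skipped
    return root


if __name__ == "__main__":
    # Demo run on the constructed tree, then a real pass over default paths.
    for root in [build_demo_tree()] + DEFAULT_EXT_DIRS:
        res = audit(root)
        print(f"{root}: malicious={res['malicious']} review={res['review']}")
```

If anything lands in the malicious bucket, treat the machine as compromised rather than just uninstalling the extension: the loader's whole purpose is to harvest the credentials listed above, so rotating tokens and keys is the first step, not the last.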
Source: The Hacker News