Tuesday, February 3, 2026

GlassWorm malware attack strikes macOS



Security researchers have shared details of a malware attack targeting macOS. The Threat Research team at Socket identified a new GlassWorm attack which uses compromised Open VSX extensions.

The extensions have been installed thousands of times and were published from the account of a legitimate developer whose account was compromised. Similar attacks have been taking place since October last year, but recent activity shows an uptick in this approach.

Writing about its findings, Socket says that its “Threat Research team identified a developer-compromise supply chain attack distributed via the Open VSX Registry, specifically a compromise of the developer’s publishing credentials. The Open VSX security team assessed the activity as consistent with a leaked token or other unauthorized access”.

The firm continues:

On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm malware loader. These extensions had previously presented as legitimate developer utilities (some first published more than two years ago) and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases.

The four impacted extensions are:

  1. FTP/SFTP/SSH Sync Tool (oorzc.ssh-tools — v0.5.1)
  2. I18n Tools (oorzc.i18n-tools-plus — v1.6.8)
  3. vscode mindmap (oorzc.mind-map — v1.0.61)
  4. scss to css (oorzc.scss-to-css-compile — v1.3.4)

The latest activity shows that while, broadly speaking, the attack vector remains the same, the current breed of GlassWorm attack takes a slightly different approach: by publishing through a known developer's account, the malicious releases are easier to slip under the radar.

Socket says that it has been in contact with the developers to highlight the issue. It adds:

Across all four extensions, the malicious update introduces staged loaders that decrypt and execute embedded code at runtime, includes Russian-locale avoidance, resolves command and control (C2) pointers from Solana transaction memos, and then executes additional remote code.

This tradecraft aligns with the recent GlassWorm cluster we have been tracking internally since December 2025. In that work, we identified and reported earlier malicious Open VSX extensions tied to the same staging and blockchain-resolved infrastructure patterns, which reduce reliance on static indicators and enable rapid server-side updates.

Socket concludes by saying:

This campaign shows a clear escalation in Open VSX supply chain abuse. The threat actor blends into normal developer workflows, hides execution behind encrypted, runtime-decrypted loaders, and uses Solana memos as a dynamic dead drop to rotate staging infrastructure without republishing extensions. These design choices reduce the value of static indicators and shift defender advantage toward behavioral detection and rapid response.

The immediate risk is credential and token theft from developer endpoints. Stolen AWS and SSH material can enable direct cloud compromise and lateral movement. Stolen GitHub and npm tokens can enable repository takeover, poisoned commits, package publication abuse, and access to CI secrets. Even if the extensions run only on workstations, the downstream blast radius can extend to build pipelines and end users if compromised credentials are reused to ship tampered releases.
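As an added defender-side example (not Socket's code or tooling), the following Python script triages a VS Code-style extensions directory against the four listed releases and applies constructed heuristics for the three traits Socket describes: runtime-decrypted loaders, Russian-locale avoidance and Solana memo lookups. The `publisher.name-version` directory layout, the regexes and the sample extensions are assumptions; each heuristic also matches benign code, so a hit is a prompt for review rather than a verdict.

```python
import json
import re
import tempfile
from pathlib import Path

# The four malicious releases named in the article: extension id -> version.
KNOWN_BAD = {
    "oorzc.ssh-tools": "0.5.1",
    "oorzc.i18n-tools-plus": "1.6.8",
    "oorzc.mind-map": "1.0.61",
    "oorzc.scss-to-css-compile": "1.3.4",
}

# Constructed heuristics for the traits the article describes. Each alone is
# common in benign code, so a file is only flagged when at least two match.
TRAITS = {
    "runtime_decrypt_exec": re.compile(r"createDecipheriv[\s\S]{0,3000}?(?:new Function\s*\(|\beval\s*\()"),
    "ru_locale_check": re.compile(r"(?:locale|language|LANG)[\s\S]{0,300}?['\"]ru(?:[-_]RU)?['\"]", re.I),
    "solana_memo_lookup": re.compile(r"solana[\s\S]{0,2000}?memo", re.I),
}

def triage_extension(ext_dir: Path) -> dict:
    """Report id, version, known-bad status and traits found in any *.js file."""
    manifest = json.loads((ext_dir / "package.json").read_text())
    ident = f"{manifest['publisher']}.{manifest['name']}"
    hits = set()
    for js_file in ext_dir.rglob("*.js"):
        js = js_file.read_text(errors="ignore")
        hits.update(name for name, rx in TRAITS.items() if rx.search(js))
    known_bad = KNOWN_BAD.get(ident) == manifest["version"]
    return {"id": ident, "version": manifest["version"], "known_bad": known_bad,
            "traits": sorted(hits), "suspicious": known_bad or len(hits) >= 2}

def scan_extensions(root: Path) -> list:
    """Triage every extension directory under root (e.g. ~/.vscode/extensions)."""
    return [triage_extension(d) for d in sorted(root.iterdir()) if (d / "package.json").is_file()]

def build_sample_root() -> Path:
    """Constructed sample tree: a clean extension, an unknown extension whose code
    shows all three traits, and a known-bad release with harmless code."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "acme.linter-1.2.3": ("acme", "linter", "1.2.3", "module.exports.activate = () => {};"),
        "acme.notes-2.0.0": ("acme", "notes", "2.0.0",
            "if (Intl.DateTimeFormat().resolvedOptions().locale.startsWith('ru')) return;\n"
            "const d = crypto.createDecipheriv('aes-256-cbc', k, iv);\n"
            "fetch('https://solana-rpc.example').then(r => parse(r.memo));\n"
            "new Function(d.update(blob) + d.final())();"),
        "oorzc.ssh-tools-0.5.1": ("oorzc", "ssh-tools", "0.5.1", "module.exports.activate = () => {};"),
    }
    for dirname, (pub, name, ver, js) in samples.items():
        d = root / dirname
        d.mkdir()
        (d / "package.json").write_text(json.dumps({"publisher": pub, "name": name, "version": ver}))
        (d / "extension.js").write_text(js)
    return root
```

Run `scan_extensions(Path.home() / ".vscode" / "extensions")` (or the equivalent VSCodium path) against a real install; `build_sample_root()` only exists to exercise the logic offline.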

More details and advice can be found in the blog post here.
