Shattering the Trust: The “GlassWorm” Supply Chain Attack Hijacking Open VSX Extensions
A sophisticated supply chain incursion has been documented within the Open VSX extension registry, beginning with the theft of a developer’s publishing credentials. Adversaries surreptitiously integrated malicious payloads into widely utilized development tools to disseminate the GlassWorm loader, an artifact engineered for the exfiltration of sensitive data and administrative identities. This incident, impacting extensions with tens of thousands of installations, underscores a strategic evolution in adversarial methodologies.
Researchers at Socket identified that unauthorized actors gained access to the publishing credentials of a developer known as oorzc, subsequently releasing compromised versions of four extensions. Analysts postulate that this breach stemmed from a leaked authentication token or a similar subversion of the publishing pipeline. The malicious logic was embedded in updates for FTP SFTP SSH Sync Tool, I18n Tools, vscode mindmap, and scss to css. Prior to this compromise, these utilities were distributed as legitimate tools, collectively garnering over 22,000 downloads.
The compromised versions harbored a multi-stage loader designed to decrypt and execute obfuscated code directly within system memory. To evade detection, the malware performs a reconnaissance of the system’s locale and time zone, systematically bypassing environments with Russian linguistic configurations. Command-and-control (C2) infrastructure addresses are retrieved dynamically via transaction notes on the Solana blockchain, a technique that facilitates rapid infrastructure rotation without necessitating a re-release of the extension.
The subsequent phase of the offensive specifically targets the macOS ecosystem. Upon execution, the module harvests session cookies, login databases, and browsing histories from Firefox and Chromium-based browsers, alongside data from specialized cryptocurrency wallets and their respective extensions. High-value targets include MetaMask, Electrum, Exodus, Atomic, Ledger Live, Trezor Suite, Binance, and TonKeeper. Furthermore, the malware exfiltrates macOS Keychains, Apple Notes, Safari cookies, and FortiClient VPN configurations. Of paramount concern is the theft of developer directories containing AWS and SSH keys, which presents a catastrophic risk of cloud environment subversion and lateral movement within corporate infrastructures. The extraction of npm tokens and GitHub access artifacts further jeopardizes private repositories and CI/CD pipelines.
Upon receiving notification from security analysts, the Open VSX team revoked the developer’s publishing tokens, expunged the infected releases, and blacklisted the primary malicious package. While earlier, untainted versions remain available, registry representatives emphasized that the compromise was isolated to Open VSX and does not implicate the Visual Studio Marketplace.
This campaign represents a significant escalation in supply chain threats. While previous incursions predominantly relied on “typosquatting” or fraudulent projects, this operation leveraged a pre-existing account with established reputation and a credible download history. Security specialists strongly urge the immediate removal of the aforementioned extensions, a thorough audit of the LaunchAgents directory for persistence artifacts, and a comprehensive rotation of all GitHub, npm, AWS, and SSH access credentials.
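A defender-side triage helper for the recommendations above, added here as an illustration and not code from Socket, Open VSX, or the original report. It scans local extension directories for any extension whose manifest names the compromised publisher (oorzc, as identified in the report) and lists LaunchAgents plist files for review; the extension root paths are assumed common locations, and the publisher check uses the `publisher` field every VS Code-style `package.json` carries.

```python
"""Triage helper: find installed extensions from a given publisher and list
LaunchAgents entries so they can be reviewed for persistence artifacts."""
import json
from pathlib import Path

# Assumed common extension roots for VS Code, Open VSX-based editors and Cursor.
DEFAULT_EXTENSION_ROOTS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".vscode-oss" / "extensions",
    Path.home() / ".cursor" / "extensions",
]


def find_extensions_by_publisher(root, publisher):
    """Return [(name, version, path)] for extensions under `root` whose
    package.json declares `publisher` (compared case-insensitively)."""
    hits = []
    root = Path(root)
    if not root.is_dir():
        return hits
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = ext_dir / "package.json"
        if not manifest.is_file():
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, do not abort
        if str(meta.get("publisher", "")).lower() == publisher.lower():
            hits.append((str(meta.get("name", ext_dir.name)),
                         str(meta.get("version", "?")), str(ext_dir)))
    return hits


def list_launch_agents(launch_agents_dir=Path.home() / "Library" / "LaunchAgents"):
    """Return the .plist files in a LaunchAgents directory for manual review."""
    d = Path(launch_agents_dir)
    return sorted(str(p) for p in d.glob("*.plist")) if d.is_dir() else []


if __name__ == "__main__":
    for root in DEFAULT_EXTENSION_ROOTS:
        for name, version, path in find_extensions_by_publisher(root, "oorzc"):
            print(f"REVIEW: {name} {version} installed at {path}")
    for plist in list_launch_agents():
        print(f"LaunchAgent present, inspect its ProgramArguments: {plist}")
```

A hit only tells you an extension from that publisher is installed, not which version; compare the reported version against the advisory before deciding it is one of the trojanized releases, and rotate the credentials named above regardless if a compromised build was ever present.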