Listen to this Post
Introduction
On January 30, 2026, a silent but highly effective supply chain attack shook the developer ecosystem. The Open VSX Registry, a widely used open-source alternative marketplace for Visual Studio Code extensions, became the delivery channel for malware after attackers compromised a trusted publisher account. What made this incident especially dangerous was not technical novelty alone, but the abuse of long-standing trust. Extensions developers had relied on for years were suddenly weaponized, turning everyday productivity tools into data-stealing backdoors.
Summary of the Original Incident
The attack centered on the “oorzc” publisher account on Open VSX. By gaining access to the developer’s publishing credentials, the attackers released malicious updates to four legitimate VS Code extensions that together had accumulated more than 22,000 downloads. These extensions were popular utilities used for common development tasks such as FTP and SFTP synchronization, internationalization support, mind mapping, and SCSS-to-CSS compilation.
Initially, nothing appeared suspicious. The extensions retained their original names, descriptions, and functionality. However, the newly published versions contained a hidden GlassWorm malware loader. Open VSX later assessed that the compromise was likely due to leaked credentials or unauthorized access rather than a direct breach of their infrastructure.
Socket Security detected the malicious behavior and alerted both the extension maintainer and the Eclipse Foundation, which oversees Open VSX. The response was swift. Access tokens were revoked, the infected versions were removed, and one extension was permanently blacklisted to prevent further abuse.
This campaign marked a significant escalation in GlassWorm’s operational playbook. Earlier waves of the malware relied heavily on typosquatting—tricking users into installing fake extensions with names similar to popular ones. In this case, attackers hijacked an established and reputable publisher. Notably, the same “oorzc” account also maintains clean, non-malicious extensions on the official Visual Studio Marketplace, with thousands of active installations. That contrast highlights how a single trusted identity can dramatically amplify an attacker’s reach.
Attack Chain and Malware Behavior
The malicious logic was embedded in the extension.js file using a staged loader approach. The initial stage decrypted an embedded hexadecimal payload using AES-256-CBC with a hardcoded key and initialization vector, then executed it dynamically. This obfuscation ensured that static analysis would reveal little at first glance.
The next stage performed environmental checks designed to avoid execution on systems located in Russia. It inspected system locale settings, time zones such as Moscow, and UTC offsets between +2 and +12 hours. If the environment passed these checks, the malware retrieved command-and-control configuration data from a Solana blockchain transaction memo. This blockchain-based dead drop allowed attackers to change infrastructure without publishing new extension updates.
On macOS systems, a third-stage payload was downloaded. This Node.js script focused on credential harvesting and persistence. Each compromised extension targeted slightly different data sets, ranging from AWS credentials and SSH keys to browser cookies, password vaults, VPN configurations, cryptocurrency wallets, and personal documents.
Stolen data was staged in a temporary directory, compressed into a single archive, and exfiltrated to a remote server. Persistence was achieved through a LaunchAgent plist file that ensured the malware restarted automatically every time the user logged in.
What Undercode Say:
This incident is a textbook example of how developer tooling has become one of the most valuable attack surfaces in modern cybersecurity. The real danger was not the malware itself, but the strategic targeting of developers. By stealing AWS credentials, SSH keys, npm tokens, and GitHub artifacts, attackers positioned themselves to pivot far beyond individual machines and into cloud environments, CI/CD pipelines, and private code repositories.
The use of a blockchain transaction memo as a command-and-control mechanism is particularly telling. It reflects a growing trend where attackers blend into legitimate decentralized infrastructure to avoid takedowns and monitoring. This technique reduces operational friction and makes traditional blacklisting approaches far less effective.
Equally important is the shift away from typosquatting toward publisher hijacking. Typosquatting relies on user error; account compromise exploits trust. Once a publisher is established, every update becomes a potential delivery mechanism, and users rarely question routine extension updates.
The fact that the same publisher account maintained clean extensions on the official Visual Studio Marketplace underscores a harsh reality: marketplace reputation alone is no longer a reliable security signal. Attackers understand the economics of trust and are increasingly willing to play the long game.
From a defensive standpoint, this attack reinforces the need for layered controls in development environments. Static code reviews are no longer sufficient when malicious logic is encrypted and dynamically loaded. Behavioral analysis, permission auditing, and runtime monitoring are becoming mandatory, not optional.
The response from the Eclipse Foundation demonstrates that rapid coordination can limit damage, but it also highlights how much responsibility still falls on end users. Rotating credentials, auditing repositories, and scanning persistence mechanisms are time-consuming tasks, yet unavoidable once a compromise occurs.
Ultimately, this incident shows how a single stolen credential can transform a developer workstation into an enterprise-level breach vector. In an era where developers hold the keys to infrastructure, source code, and deployment pipelines, attacks like this are not edge cases—they are previews.
Fact Checker Results
✅ The compromised extensions and malicious versions were confirmed and removed by Open VSX.
✅ GlassWorm’s use of encrypted loaders and credential theft matches prior documented campaigns.
❌ No evidence suggests a direct breach of Open VSX infrastructure itself.
Prediction
🔮 Supply chain attacks targeting developer tools will increasingly favor account hijacking over fake packages.
🔮 Blockchain-based command-and-control methods will become more common to evade takedowns.
🔮 Extension marketplaces will be forced to adopt stricter behavioral and update-level security reviews.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.github.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon
