Trusted VS Code Extensions Turned Weaponized: GlassWorm Malware Strikes Open VSX in Silent Supply Chain Breach

Listen to this Post

Featured Image

A Chilling Return of a Familiar Threat

The GlassWorm malware has resurfaced in one of the most trusted corners of the developer ecosystem: the Open VSX marketplace. This time, the operation wasn’t sloppy or obvious. Instead of relying on fake packages or typosquatting tricks, the attackers went straight for credibility—hijacking a legitimate publisher account and silently poisoning widely used Visual Studio Code extensions. The incident, uncovered by Socket, highlights a dangerous evolution in supply chain attacks, where trust itself becomes the attack vector.

How the Compromise Unfolded

On January 30, a threat actor pushed malicious updates to four established VS Code extensions hosted on Open VSX. These extensions were not obscure tools. Collectively, they had more than 22,000 downloads and a clear history of real adoption. Developers installing or updating them had no obvious reason to be suspicious.

No Typosquatting, No Clones—Just Trust Abuse

Unlike many past campaigns, this attack did not involve lookalike package names or cloned repositories. The extensions were published under an existing publisher identity with a solid track record across ecosystems. According to Socket, this made the campaign especially dangerous, as it blended seamlessly into normal developer workflows.

Signs of a Publisher Account Takeover

Socket’s analysis suggests the publisher’s account was compromised, likely through leaked tokens or other unauthorized publishing access. The Open VSX security team confirmed the incident aligns with this assessment. Importantly, while the same publisher also maintains extensions on the Visual Studio Marketplace, this specific attack was limited to Open VSX.

The Hidden Loader Inside the Extensions

Each compromised extension carried a nearly identical malicious loader embedded inside its extension.js file. This loader was designed to activate at runtime, making static analysis less effective. Once executed, it profiled the host system before deciding whether to proceed.

Targeted Evasion and Regional Filtering

One notable feature of the loader was its built-in evasion logic. Systems configured with Russian locales were explicitly excluded from further execution. This tactic, commonly seen in advanced malware campaigns, suggests an attempt to avoid attracting attention from certain regions or law enforcement jurisdictions.

Solana as a Command-and-Control Channel

Instead of hardcoding command-and-control servers, the malware retrieved instructions from transaction memos stored on the Solana blockchain. This approach allowed the attackers to rotate infrastructure dynamically without republishing the extensions, significantly complicating detection and takedown efforts.

macOS in the Crosshairs

The GlassWorm loader showed a clear preference for macOS environments. It only advanced to the next stage if operating system checks confirmed it was running on macOS, making this a highly targeted campaign rather than a broad, noisy infection attempt.

The Second-Stage Payload Explained

Once the initial checks were satisfied, the loader deployed a second-stage payload: a Node.js–based JavaScript implant. This component was responsible for persistence, data theft, and preparing stolen information for exfiltration.

Browser Data Theft at Scale

The malware aggressively targeted Firefox- and Chrome-based browsers, harvesting cookies, saved login data, form history, and artifacts from cryptocurrency wallet extensions. Safari users were not spared either, with cookies and related data also being collected.

Digging Deeper Into macOS Secrets

Beyond browsers, the implant searched for desktop cryptocurrency wallets, macOS Keychain data, Apple Notes, and FortiClient VPN information. This breadth of access gave attackers a detailed snapshot of both personal and professional activity.

Document Harvesting for Added Leverage

The malware didn’t stop at credentials. It scanned the Desktop, Documents, and Downloads folders, collecting files that could contain sensitive intellectual property, internal documentation, or personal data useful for extortion or further compromise.

Exfiltration to External Infrastructure

All harvested data was staged locally before being exfiltrated to hardcoded external destinations controlled by the attackers. This final step completed the infection cycle, turning a simple extension update into a full-scale breach.

Developers as High-Value Targets

Socket notes that the malware showed a particular interest in developer-specific secrets, including AWS credentials and SSH configurations. This dramatically increases the risk of cloud account compromise, source code theft, and lateral movement into corporate environments.

An Escalation in Open VSX Supply Chain Abuse

According to Socket, this campaign represents a clear escalation. The attackers combined trusted publisher identities, encrypted runtime loaders, and blockchain-based dead drops to create a stealthy, resilient supply chain attack that is hard to detect and even harder to disrupt.

What Undercode Say:

Trust Is Now the Primary Attack Surface

This incident confirms a harsh reality: in modern software ecosystems, trust is more valuable than any zero-day exploit. By compromising a legitimate publisher account, the attacker bypassed most traditional warning signs that developers rely on.

Open VSX’s Unique Risk Profile

Open VSX exists to support open and community-driven tooling, but that openness also creates blind spots. When combined with weaker enforcement around publisher credential security, it becomes an attractive target for advanced supply chain campaigns.

Blockchain C2 Is No Longer Experimental

The use of Solana transaction memos as a command-and-control mechanism is not a gimmick—it’s a strategic choice. Blockchains offer resilience, global availability, and plausible deniability, making them ideal for long-lived malware operations.

macOS Developers Are Being Singled Out

The macOS-only execution logic suggests attackers see Apple-based developer machines as especially valuable. These systems often hold signing keys, cloud credentials, and access to production environments, making them prime targets.

Supply Chain Attacks Are Becoming Quieter

There was no mass spam, no obvious malicious behavior at install time, and no visual indicators of compromise. Everything about this campaign was designed to stay invisible while extracting maximum value.

Traditional Marketplace Trust Signals Are Failing

Download counts, publisher history, and ecosystem presence—all the signals developers are told to trust—were effectively weaponized in this attack. This undermines the very foundation of extension marketplaces.

Token Security Is a Growing Weak Point

The suspected use of leaked publishing tokens highlights an often-overlooked risk. CI/CD systems, shared credentials, and poorly protected secrets are becoming entry points for ecosystem-wide compromise.

Detection Requires Behavioral, Not Static, Analysis

Because the malicious code decrypted itself at runtime and relied on external instruction sources, static scanning alone is no longer sufficient. Behavioral analysis and runtime monitoring are now essential.

Developers Are the New Supply Chain Gatekeepers

When developer machines fall, everything downstream is at risk. This campaign reinforces that individual developers are now frontline defenders in software supply chain security.

Extension Ecosystems Need Faster Revocation

Once a publisher account is compromised, the damage spreads instantly. Faster revocation, automated anomaly detection, and stricter update scrutiny are no longer optional.

This Is a Warning, Not an Isolated Event

GlassWorm’s return is not a one-off. It is a signal of where supply chain attacks are heading: stealthy, trust-based, and deeply embedded in everyday tooling.

🔍 Fact Checker Results

✅ The attack involved legitimate Open VSX extensions with over 22,000 downloads.
✅ The malware used Solana blockchain transaction memos for command-and-control.
❌ There is no evidence the Visual Studio Marketplace listings were affected in this incident.

📊 Prediction

GlassWorm-style campaigns will increasingly target trusted developer tooling, with more attackers abusing legitimate publisher accounts rather than creating fake packages. Extension marketplaces that fail to adopt stronger publisher authentication and behavioral scanning will see repeat incidents, while blockchain-based command-and-control techniques are likely to become standard in advanced supply chain malware operations.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: www.securityweek.com
Extra Source Hub (Possible Sources for article):
https://www.github.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon