GlassWorm in Open VSX: a developer account compromise exposes 22,000 downloads and macOS data

Published | 5 min read | 161 reads

A new wave of the malware family known as GlassWorm has again shown how fragile the developer software supply chain can be. This time the attackers compromised the account of a legitimate author on Open VSX, the open source, alternative registry of extensions for editors based on Visual Studio Code, and published malicious updates to several extensions that together exceeded 22,000 downloads before they were removed.

The technical analysis published by the security team at Socket describes how the operators behind the campaign abused the account identified as oorzc to inject the GlassWorm loader into four Open VSX packages: oorzc.ssh-tools, oorzc.i18n-tools-plus, oorzc.mind-map and oorzc.scs-to-cs-compile. The malicious versions were uploaded on January 30; until then those packages had been available without incident for approximately two years, which suggests that the attackers gained access to the developer's publishing environment and used it to distribute the malware.


In this campaign GlassWorm targets macOS exclusively and shows a wide range of espionage capabilities. The malware downloads and runs an information stealer that establishes persistence through a LaunchAgent so that it runs at login, then searches the machine for sensitive data: Chromium and Firefox browser credentials, cryptocurrency wallet extensions and applications, the macOS Keychain, Apple Notes databases, Safari cookies, development secrets and local documents. According to Socket, all the collected information was sent to attacker-controlled infrastructure at the IP address 45.32.150[.]251.

In addition to data theft, GlassWorm includes functions that enable remote control and lateral movement: VNC support for graphical remote access, and the ability to act as a SOCKS proxy, which lets the attackers route traffic through the compromised machine. In earlier campaigns the GlassWorm family had already shown techniques for hiding malicious code with "invisible" Unicode characters and had attempted to detect and interfere with hardware wallet applications such as Trezor and Ledger, which points to a steady evolution of its ability to target funds and development environments.

A curious and striking technical detail is the observed command-and-control mechanism: the operators retrieve instructions from transaction memos on the Solana network. This kind of distributed control channel, using a public blockchain to carry orders, complicates traditional tracking and gives the attackers' infrastructure resilience. Socket also found environment checks in the code, including an explicit exclusion of Russian-configured systems, a practice that is sometimes read as a sign that the authors want to avoid victims in their own region.

The ecosystem's response was rapid: Socket reported the incident to the Eclipse Foundation, which is responsible for Open VSX, and the platform team confirmed the unauthorized access, revoked the compromised publishing tokens and removed the infected versions of the extensions. In one case, oorzc.ssh-tools was removed from the registry entirely after it was confirmed to contain multiple malicious releases. As of now the public versions of these extensions have been cleaned up, but that does not remove the risk for anyone who installed the compromised updates while they were live. For further reading and media coverage, BleepingComputer has documented the campaign and its impact: BleepingComputer - GlassWorm in Open VSX.

If you installed any of the affected versions, there are practical steps to take immediately. First, assume the machine was compromised: run a full scan and remove suspicious files and agents (the LaunchAgents in macOS are a key place to look), and consider using macOS-specific detection and cleanup tools. Second, change and rotate passwords, API keys and tokens, and enable multi-factor authentication on every service that supports it; for developers, revoking and reissuing publishing tokens in extension registries is essential. Third, check any cryptocurrency wallet you have used on that machine: if a private key or seed phrase was exposed, security recommendations require moving the funds to a new, secure wallet. Apple publishes general security guides for its devices that can help: Apple security documentation.
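A small triage script for the two checks discussed above (the LaunchAgent persistence described earlier and the "assume compromise" steps here), added as an example and not code from Socket, Open VSX or the article. It assumes extensions are installed as "publisher.name-version" folders in the VS Code-style directories named in the comments and that per-user LaunchAgents live in ~/Library/LaunchAgents; the affected package identifiers are the four named in the analysis.

```shell
#!/bin/sh
# Post-incident triage for the Open VSX / GlassWorm case. Added example, not
# code from Socket, Open VSX or the article. Assumptions: extensions are
# installed as "<publisher>.<name>-<version>" folders (VS Code-style layout)
# and per-user LaunchAgents live in ~/Library/LaunchAgents.

# Package identifiers named in the analysis as having received malicious updates.
AFFECTED_PACKAGES="oorzc.ssh-tools oorzc.i18n-tools-plus oorzc.mind-map oorzc.scs-to-cs-compile"

# find_affected_extensions DIR...: print installed extension folders whose
# "<publisher>.<name>" part matches one of the compromised packages.
find_affected_extensions() {
    for dir in "$@"; do
        for ext in "$dir"/*/; do
            [ -d "$ext" ] || continue
            # strip the trailing "-<version>" to recover the package identifier
            id=$(basename "$ext" | sed 's/-[0-9][0-9.]*$//')
            for bad in $AFFECTED_PACKAGES; do
                [ "$id" = "$bad" ] && printf '%s\n' "$ext"
            done
        done
    done
    return 0
}

# list_launch_agent_programs DIR...: print "<plist>: <program>" for every
# LaunchAgent, taking the first <string> after the Program/ProgramArguments
# key. Anything launched from temp, hidden or user-writable paths deserves a
# closer look, since GlassWorm used a LaunchAgent for persistence.
list_launch_agent_programs() {
    for dir in "$@"; do
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            prog=$(awk '/<key>Program(Arguments)?<\/key>/ { want = 1; next }
                        want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$plist")
            printf '%s: %s\n' "$plist" "${prog:-<no program>}"
        done
    done
    return 0
}

# Typical invocation on the affected machine (extension paths are assumptions
# for VS Code and VSCodium-style installs; silent when a directory is absent):
find_affected_extensions "$HOME/.vscode/extensions" "$HOME/.vscode-oss/extensions"
list_launch_agent_programs "$HOME/Library/LaunchAgents" /Library/LaunchAgents
```

A hit from the first function means the compromised update may have run; a LaunchAgent whose program lives outside /System, /usr or /Applications is worth inspecting before deciding whether to unload and delete it.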


This incident is a reminder that trust in the software supply chain is a critical link in security. Extensions and plugins are code we run in development and production environments; a single compromised package can leak infrastructure secrets, repository credentials and sensitive data. Projects such as Open VSX offer an open alternative to the official marketplaces, but they do not remove the need for additional controls: signing releases, auditing publishing processes, limiting permissions and rotating secrets are measures that help reduce the impact if a malicious actor gains access to a legitimate account.

To better understand how Solana transactions work and why their use as a control channel matters, the official project documentation gives technical context on the format and memos: Transaction documentation in Spain. And if you are responsible for the security of packages and extensions, consider adopting stricter integrity audits and publishing policies; registry and platform operators should improve the detection of atypical publications and make rapid revocation of compromised credentials easy.

The lesson is clear: developer security is no longer a matter of personal hygiene alone, but a collective responsibility. A package with thousands of downloads can become a mass exfiltration vector if an attacker is able to publish a malicious update. Staying informed, monitoring activity logs, rotating secrets and applying technical publishing controls are practices that are essential today to reduce the risk of a future GlassWorm spreading again.
