Security Operations, SOC, Critical Infrastructure Security, Supply chain, Identity, Application security

GlassWorm malware targets Open VSX Registry in supply chain attack

Cyber Threats Pictured: Neon Green Hacker's Skull & Crossbones on Binary Background

A developer-compromise supply chain attack distributed via the Open VSX Registry was observed that had malicious versions published by the GlassWorm malware loader.

In a Jan. 31 blog post, the Socket Threat Research Team said the four malicious extensions collectively accumulated more than 22,000 Open VSX downloads prior to the malicious releases.

Security pros were concerned because more than 10 million developers use Open VSX as an open-source alternative to the Microsoft VS Code Marketplace.

“A compromise of Open VSX is concerning because it sits directly in the trusted path between developers and their tools,” said Andi Ursry, threat intelligence analyst at Blackpoint Cyber. “When malicious code enters an extension marketplace, it can spread into developer environments with little visibility or friction. These attacks remain effective because upstream trust is rarely challenged. That’s why teams should review installed extensions, restrict marketplace access where possible, and treat developer tooling as a real attack surface.”

Jason Soroko, senior fellow at Sectigo, said this attack demonstrates that even well-established utilities, with a history of safe use, can become dangerous if publishing credentials are stolen or leaked. The incident involved four specific extensions by the author "oorzc," which had accumulated significant downloads before the malicious updates were pushed to unsuspecting users.


Related reading:


“Security teams need to immediately scan their development environments to identify and remove any installed extensions from the compromised author oorzc,” said Soroko. “It’s vital to investigate network logs for indicators of the GlassWorm loader and verify that no unauthorized data exfiltration has occurred. Defense strategies should include enforcing MFA for all developer accounts and implementing automated scanning tools that can detect anomalous changes in third-party software dependencies.”

Randall Degges, vice president of of AI engineering and developer relations at Snyk, added that the footprint was the most interesting aspect of this Open VSX attack: This wasn't an attack that was set up to mimic others and take advantage of common typos in names, and it wasn't a new publisher who built an obviously malicious extension and tried to get people to use it. Instead, It was malicious extension published by a reputable developer.


Degges said the initial data appears to show that an attacker was able to find some leaked API credentials from a reputable developer's account, then use those to publish malicious changes to four existing, real, VS Code extensions.

“This type of attack catches users off guard because from the user (developer's) perspective, they're using a reputable VS Code extension with no issues one day, and after one automatic update, bam, they've been compromised and their browser data and sensitive secrets have been shipped to a third party unknowingly,” said Degges.

Supply chain attacks like these are extremely common and notoriously hard to prevent, said Degges, pointing out that there's only a few ways fix the problem:

  • More effective security scans: Registries managing supply chain dependencies need to incorporate better security scans and tooling into their package/extension publication process. It’s really important to catch these issues on the server-side before distributing them to users.
  • Better tooling: Users need to have better security scans and tooling as part of their installation and update flows. Right now VS Code doesn't have a standard way for "hooking" security scans into the installation/update procedures, but something like this would go a long way to improving supply chain security for users.
  • Increased developer hygiene: Incorporate better security scanning/hygiene/tooling into the developer side. This means not leaking credentials in the first place, and building tight guardrails around package publication.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds