- What: The GlassWorm malware has resurfaced, infecting software components within the Open VSX registry.
- Why: This poses a significant supply chain risk, as developers unknowingly incorporate the infected components into their projects.
- Impact: Downstream victims who use these compromised components may suffer infostealer infections, leading to data theft and potential further compromise.
Alexander Culafi, Senior News Writer, Dark Reading
February 3, 2026

More supply chain havoc from the GlassWorm threat has made its way into the software development mix, poisoning software components that have thousands of downstream users.

Researchers with application development security vendor Socket last week detailed a supply chain attack involving Trojanized versions of four legitimate components distributed via the Open VSX registry. Socket reported the attack to Open VSX and the Eclipse Foundation on Jan. 30, and the malicious versions of each component were quickly removed.

It's difficult to say how many victims may have slipped through the cracks despite the quick action of all parties involved. But Socket's blog points out that FTP/SFTP/SSH Sync Tool, I18n Tools, vscode mindmap, and scss to css "collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases."

Concerning a likely origin for the threat, "the Open VSX security team assessed the activity as consistent with a leaked token or other unauthorized access," Socket's Kirill Boychenko wrote.

The end goal, as is often the case with app-dev supply chain attacks, was to infect downstream users with information stealers. The approach is becoming a trend: Some particularly scary versions of this type of attack occurred last year with the self-replicating Shai-hulud worm. And a slew of supply chain attacks involving software components last summer led GitHub to commit to a more secure NPM ecosystem.

GlassWorm Continues Inching Forward

GlassWorm malware was first discovered by Koi Security in the fall of 2025. The vendor observed the malware's self-propagating nature (not unlike Shai-hulud) and saw it infect tens of thousands of developer machines.
A developer would download a poisoned component, the malware would steal credentials, and then the actor would abuse publishing access to put up poisoned versions, spreading the malware further. It was also stealthy: earlier versions hid their code with invisible Unicode characters, a trick that more recent iterations have replaced with encrypted, staged loaders. Once it got into a machine, GlassWorm stole credentials such as NPM, GitHub, and Git tokens, as well as cryptocurrency wallets. It leveraged the Solana blockchain for command and control (C2), with Google Calendar as a backup command channel.

Attacks continued well beyond that initial wave, despite the Eclipse Foundation calling the situation contained at the time.

This recent GlassWorm attack detailed by Socket takes a similar shape. The blockchain-based infrastructure remains in place, as does the focus on Open VSX components. Based on downstream payloads Socket researchers collected, the malware harvests macOS data including wallet-extension data such as MetaMask, data from multiple web browser families, desktop cryptocurrency wallet files, keychain databases, Apple Notes databases, Safari cookies, VPN configurations, developer credentials, and much more.

Boychenko wrote that this incident differs from previous GlassWorm activity as well. "Earlier waves largely relied on typosquatting and brandjacking, cloning or mimicking popular developer tools and attempting to appear trustworthy by artificially inflating download counts," the blog post read. "By contrast, these four extensions were published under an established publisher account with a multi-extension history and meaningful adoption signals across ecosystems."

Socket's blog includes indicators of compromise for defenders.

How to Melt Down GlassWorm

For organizations, the risk of something like this is obvious, especially since many pieces of software use dozens of open source components (at a minimum).
GlassWorm can compromise developer accounts, steal cryptocurrency wallet holdings and secrets, and even breach cloud instances via AWS credentials that may be on a victim's machine.

Organizations that downloaded a compromised extension should rotate credentials, especially those tied to developer or cloud accounts. They should also audit recent GitHub activity and validate their CI configurations and release jobs for possible tampering.

"If you installed any extension listed in the IOC section, treat it as a credential exposure event. Remove the extension and delete its on-disk artifacts," Boychenko wrote. "On macOS, check for persistence under ~/Library/LaunchAgents, including unfamiliar plists such as com.user.nodestart.plist, and investigate suspicious runtime paths that reference /tmp/ijewf or /tmp/out.zip."

Dark Reading contacted Socket for additional information.
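The host-side checks Boychenko describes, written out as an added shell script for this article; it is not Socket's tooling and does not come from the original post. The LaunchAgent plist name, the two /tmp paths and the four extension display names are the values quoted above. Everything else is an assumption: that the editor keeps extensions in a VS Code-style layout (DIR/publisher.name-version/package.json, by default ~/.vscode/extensions), and that matching the display name in package.json is a useful first filter (confirm publisher and version against Socket's IOC list before acting). The directories are arguments so the same functions run over a copied evidence tree, which is also how the constructed test data exercises them.

```shell
#!/bin/sh
# glassworm_ioc_check.sh: triage a macOS developer machine for the artifacts
# named in the Socket write-up. Added example for this article, not Socket's
# tooling. Directory arguments let it run over a copied evidence tree.

# IOC values quoted in the article: LaunchAgent plist name, /tmp runtime
# paths, and display names of the four trojanized Open VSX extensions.
IOC_PLIST="com.user.nodestart.plist"
IOC_TMP_NAMES="ijewf out.zip"
IOC_EXT_NAMES='FTP/SFTP/SSH Sync Tool
I18n Tools
vscode mindmap
scss to css'

# scan_launchagents DIR: flag the known plist name, plus any plist whose body
# references the /tmp paths (grep -a so binary plists are searched as text).
scan_launchagents() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        if [ "${plist##*/}" = "$IOC_PLIST" ]; then
            echo "LAUNCHAGENT_NAME $plist"
        fi
        for name in $IOC_TMP_NAMES; do
            if grep -aq "/tmp/$name" "$plist"; then
                echo "LAUNCHAGENT_REF /tmp/$name $plist"
            fi
        done
    done
    return 0
}

# scan_tmp TMP_DIR: report the dropped runtime paths if they still exist.
scan_tmp() {
    tmpdir="$1"
    for name in $IOC_TMP_NAMES; do
        if [ -e "$tmpdir/$name" ]; then
            echo "TMP_ARTIFACT $tmpdir/$name"
        fi
    done
    return 0
}

# scan_extensions DIR: look in each installed extension's package.json for
# the four display names. Assumption: VS Code-style layout
# DIR/<publisher>.<name>-<version>/package.json. Display-name match only;
# confirm publisher and version against the published IOC list.
scan_extensions() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for pkg in "$dir"/*/package.json; do
        [ -f "$pkg" ] || continue
        printf '%s\n' "$IOC_EXT_NAMES" | while IFS= read -r ext; do
            if grep -Fq "\"$ext\"" "$pkg"; then
                echo "EXTENSION_NAME $ext ${pkg%/package.json}"
            fi
        done
    done
    return 0
}

# glassworm_scan LAUNCHAGENTS_DIR TMP_DIR EXTENSIONS_DIR: one line per
# finding. Any output at all means "treat as a credential exposure event":
# remove the extension, rotate developer and cloud credentials, audit CI.
glassworm_scan() {
    scan_launchagents "$1"
    scan_tmp "$2"
    scan_extensions "$3"
}

# glassworm_finding_count ARGS: same scan, printing only the number of findings.
glassworm_finding_count() {
    glassworm_scan "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Run against the live locations only when executed as a script, not sourced.
case "${0##*/}" in
    glassworm_ioc_check.sh)
        glassworm_scan "$HOME/Library/LaunchAgents" /tmp "$HOME/.vscode/extensions"
        ;;
esac
```

A clean machine prints nothing. The script deliberately only reports: removal of the extension directory, the plist and the /tmp artifacts is left to the analyst so that evidence can be preserved before cleanup, and a hit on the plist content check (LAUNCHAGENT_REF) is worth keeping even after the named plist is gone, since a persistence entry under any other label that still points at those paths is the same indicator.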