Executive Summary

The Open VSX registry, an open-source alternative to the Microsoft Visual Studio Marketplace for VS Code-compatible extensions, experienced a significant supply-chain security incident in 2025. Privileged access tokens were inadvertently leaked by developers in public repositories, enabling threat actors to publish malicious extensions to the Open VSX registry. The attack, identified as the GlassWorm campaign, leveraged these tokens to distribute malware-laden extensions that targeted developer credentials and cryptocurrency wallet data. The incident was rapidly contained by the Open VSX team and the Eclipse Foundation, with all malicious extensions removed and affected tokens rotated or revoked by October 21, 2025. The vulnerability was fully patched, and additional security measures have been implemented to prevent recurrence. This report provides a detailed technical analysis of the attack vector, malware behavior, affected timelines, and actionable mitigation strategies, with all claims substantiated by primary sources.

Technical Information

The Open VSX registry serves as a community-driven platform for distributing VS Code-compatible extensions, particularly for forks and environments that cannot use the official Microsoft Visual Studio Marketplace. In 2025, a critical vulnerability was discovered in the registry’s continuous integration and deployment (CI/CD) pipeline, specifically within the GitHub Actions workflow responsible for auto-publishing extensions. The workflow, designed to automate the publication of extensions listed in an extensions.json file, inadvertently exposed a privileged access token (OVSX_PAT) to build scripts of all auto-published extensions and their dependencies. This exposure occurred because the workflow did not adequately isolate the token from untrusted code during the npm install process (The Hacker News, June 26, 2025).

Threat actors exploited this vulnerability by exfiltrating the OVSX_PAT token, which granted them the ability to publish or overwrite any extension in the Open VSX marketplace. Using this access, they uploaded malicious extensions containing the GlassWorm malware. The malware was obfuscated using invisible Unicode characters (Unicode steganography), a technique that concealed its presence from standard code reviews and automated scans (BleepingComputer, Nov 2, 2025).

GlassWorm was engineered to steal developer credentials and cryptocurrency wallet data, targeting 49 extensions in total. The malware’s primary objective was credential theft, which could facilitate further lateral movement within the developer ecosystem and potentially compromise additional projects. While initial reports suggested the malware was self-replicating, the Open VSX team clarified that it did not autonomously propagate but relied on credential theft to extend its reach.

The attack was detected when researchers from Wiz identified over 550 leaked secrets across the Microsoft VSCode and Open VSX marketplaces. Some of these secrets provided access to projects with up to 150,000 downloads, amplifying the potential impact. The Open VSX team, upon notification, acted swiftly to remove all malicious extensions and rotate or revoke all affected tokens by October 21, 2025. The incident was publicly disclosed and confirmed as fully contained on November 2, 2025 (BleepingComputer, Nov 2, 2025).

The Eclipse Foundation and Open VSX maintainers have since implemented several security enhancements, including shortening token lifetimes, introducing faster revocation workflows, automating security scans for extensions during publication, and collaborating with other marketplaces to share threat intelligence.

The GlassWorm threat actors subsequently shifted their operations to GitHub, employing the same Unicode steganography technique to target JavaScript projects in multiple repositories. This migration underscores the persistent risk posed by supply-chain attacks in open-source ecosystems.

The technical details of the attack align with several techniques in the MITRE ATT&CK framework, including supply chain compromise (T1195.002), IDE extension hijacking (T1574.006), credential theft (T1555), obfuscated files or information (T1027), and potential lateral movement using alternate authentication material (T1550).

Affected Versions & Timeline

The vulnerability affected all versions of the Open VSX registry that relied on the compromised GitHub Actions workflow for auto-publishing extensions prior to the deployment of the final patch. The timeline of key events is as follows:

On May 4, 2025, the vulnerability was disclosed to Open VSX maintainers by Koi Security researchers (The Hacker News, June 26, 2025). Multiple rounds of fixes were proposed, culminating in the deployment of a final patch on June 25, 2025. The malicious extensions were identified and removed, and all affected tokens were rotated or revoked by October 21, 2025 (BleepingComputer, Nov 2, 2025). The incident was publicly disclosed and confirmed as contained on November 2, 2025.

The attack specifically targeted extensions published via the auto-publishing workflow, impacting both the Open VSX registry and downstream users of affected extensions. The actual number of affected users is believed to be lower than initial download counts suggest, as some download figures were artificially inflated by bots and threat actor tactics.

Threat Activity

The GlassWorm campaign represents a sophisticated supply-chain attack leveraging weaknesses in CI/CD workflows and token management. The threat actors exploited the exposure of the OVSX_PAT token to gain privileged access to the Open VSX registry, enabling them to publish malicious extensions that were indistinguishable from legitimate ones due to Unicode steganography.

The malware’s primary functions included credential theft and the targeting of cryptocurrency wallet data, indicating both supply-chain compromise and financial motives. The attack did not exhibit self-replicating behavior but relied on the theft of developer credentials to potentially compromise additional projects and repositories.

Following the containment of the incident in Open VSX, the threat actors pivoted to GitHub, targeting JavaScript projects with similar techniques. This demonstrates a pattern of targeting open-source developer ecosystems and exploiting automated publication workflows.

The incident highlights the broader risk posed by unvetted software dependencies and the need for rigorous security controls in extension marketplaces. The MITRE ATT&CK framework has recognized the risk of IDE extension abuse, introducing a new technique for "IDE Extensions" in April 2025 (The Hacker News, June 26, 2025).

Mitigation & Workarounds

The following mitigation strategies are prioritized by severity:

Critical: Organizations using Open VSX or any third-party extension registry must immediately audit all installed extensions for signs of compromise, focusing on those published or updated between May and October 2025. Any extension exhibiting suspicious behavior, such as obfuscated code or unexpected credential access, should be removed and reported.

Critical: All privileged tokens and credentials used in CI/CD workflows must be rotated and their exposure minimized. Tokens should be scoped with the least privilege necessary and isolated from untrusted build scripts.

High: Implement automated security scanning for all extensions and dependencies prior to publication. This includes static and dynamic analysis to detect obfuscated code, hidden Unicode characters, and credential theft functionality.

High: Establish rapid credential revocation workflows and shorten token lifetimes to reduce the window of exposure in the event of a leak.

Medium: Collaborate with extension marketplaces and threat intelligence providers to share indicators of compromise and coordinate response efforts.

Medium: Educate developers on secure credential management and the risks associated with publishing secrets in public repositories.

Low: Monitor for unusual download patterns or extension update activity, which may indicate bot-driven attempts to inflate download counts or propagate malicious extensions.

All organizations should review their supply-chain security posture, particularly regarding the use of third-party extensions and automated publication workflows. Regular audits, credential hygiene, and defense-in-depth strategies are essential to mitigating the risk of similar attacks.

References

BleepingComputer, "Open VSX rotates access tokens used in supply-chain malware attack," Nov 2, 2025: https://www.bleepingcomputer.com/news/security/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack/

The Hacker News, "Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks," June 26, 2025: https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html

About Rescana

Rescana provides a Third-Party Risk Management (TPRM) platform designed to help organizations identify, assess, and monitor risks in their software supply chain. Our platform enables continuous visibility into third-party dependencies, automated risk assessments, and actionable insights for mitigating supply-chain threats. For questions or further information, contact us at ops@rescana.com.