The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in a supply chain attack.
The leak was discovered by Wiz researchers two weeks ago, when they reported an exposure of over 550 secrets across Microsoft VSCode and Open VSX marketplaces.
Some of those secrets reportedly could give access to projects with 150,000 downloads, allowing the threat actors to upload malicious versions of extensions, creating a significant supply-chain risk.
Open VSX, developed under the Eclipse Foundation, is an open-source alternative to Microsoft’s Visual Studio Marketplace, a platform that offers extensions for the VSCode IDE.
Open VSX serves as a community-driven registry for VS Code–compatible extensions for use on AI-powered forks that cannot use Microsoft’s platform, such as Cursor and Windsurf.
Some of the leaked tokens were subsequently used in a malware campaign a few days later, dubbed ‘GlassWorm’.
Koi Security researchers reported that GlassWorm deployed a self-spreading malware hidden within invisible Unicode characters, which attempted to steal developer credentials and trigger cascading breaches across reachable projects.
These attacks also targeted cryptocurrency wallet data from 49 extensions, indicating that the attackers’ motive was likely financial gain.
The Open VSX team and the Eclipse Foundation published a blog post about the campaign and leaked tokens, stating that GlassWorm was not, in fact, self-replicating, although it did target developer credentials.
“The malware in question was designed to steal developer credentials, which could then be used to extend the attacker’s reach, but it did not autonomously propagate through systems or user machines,” clarifies the Open VSX team.
“We also believe that the reported download count of 35,800 overstates the actual number of affected users, as it includes inflated downloads generated by bots and visibility-boosting tactics used by the threat actors.”
Despite that, the threat was quickly contained upon notification, and as of October 21, all malicious extensions were removed from the Open VSX registry, and associated tokens were rotated or revoked.
Open VSX has now confirmed that the incident is fully contained with no ongoing impact and that they plan to implement additional security measures to prevent a future attack.
These security enhancements are summarized below:
Shorten token lifetimes to reduce exposure impact.
Introduce faster revocation workflows for leaked credentials.
Perform automated security scans for extensions during publication.
Collaborate with VS Code and other marketplaces to share threat intelligence.
BleepingComputer has emailed the Eclipse Foundation to ask how many tokens were rotated in total, but a statement wasn’t immediately available.
Meanwhile, Aikido reported that the same threat actors behind GlassWorm have now moved to GitHub, where they employ the same Unicode steganography trick to hide their malicious payload.
The researchers report that the operation has already spread to multiple repositories, most of which are focused on JavaScript projects.
The pivot to GitHub indicates that the threat remains active, swiftly rotating through open-source ecosystems after exposure.
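The invisible-Unicode trick described above (hiding a payload in characters an editor does not render) is something a marketplace or CI pipeline can check for during publication, which is one of the measures Open VSX lists. The scanner below is an added example for this article; it is not code from Open VSX, Koi Security or Aikido, and the set of "invisible" code points it flags is a general assumption, not the specific characters used by GlassWorm. It walks a file by code point, reports every run of invisible characters with its line and column, tolerates a single leading BOM, and recommends blocking when a run is long enough to plausibly carry hidden data. The sample source, including the hidden tag-character payload, is constructed here.

```javascript
// Added example (not from the article, Open VSX, Koi Security or Aikido):
// a pre-publish scan that flags invisible Unicode characters in source files.

// Code points that render as nothing (or nearly nothing) in an editor.
// Assumption: a general list of format/invisible characters, not the
// specific characters used in the GlassWorm campaign.
const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad],   // soft hyphen
  [0x180e, 0x180e],   // Mongolian vowel separator
  [0x200b, 0x200f],   // zero-width space / non-joiner / joiner, LRM, RLM
  [0x202a, 0x202e],   // bidirectional embedding and override controls
  [0x2060, 0x2064],   // word joiner, invisible operators
  [0x2066, 0x2069],   // bidirectional isolates
  [0xfe00, 0xfe0f],   // variation selectors
  [0xfeff, 0xfeff],   // zero-width no-break space (BOM)
  [0xe0000, 0xe007f], // Unicode "tag" characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Return every run of invisible code points with its 1-based line and column.
// for...of iterates code points (not UTF-16 units), so astral characters
// such as the tag block are seen as single characters.
function scanInvisible(source) {
  const findings = [];
  let line = 1, col = 1;
  let run = null;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    if (isInvisible(cp)) {
      if (run === null) run = { line, col, codePoints: [] };
      run.codePoints.push(cp);
    } else if (run !== null) {
      findings.push(run);
      run = null;
    }
    if (ch === '\n') { line += 1; col = 1; } else { col += 1; }
  }
  if (run !== null) findings.push(run);
  return findings;
}

// A single BOM at the very start of a file is common and benign; everything
// else is reported. A run of MAX_RUN or more invisible code points is treated
// as likely hidden data, since legitimate text rarely has more than a few in a row.
const MAX_RUN = 8; // assumption: threshold chosen for this example
function assessFile(source) {
  const findings = scanInvisible(source).filter(
    (f) => !(f.line === 1 && f.col === 1 && f.codePoints.length === 1 && f.codePoints[0] === 0xfeff)
  );
  const suspicious = findings.filter((f) => f.codePoints.length >= MAX_RUN);
  return {
    clean: findings.length === 0,
    block: suspicious.length > 0,
    findings: findings.map((f) => ({
      line: f.line,
      col: f.col,
      count: f.codePoints.length,
      sample: f.codePoints.slice(0, 4).map((cp) => 'U+' + cp.toString(16).toUpperCase().padStart(4, '0')),
    })),
  };
}

// Constructed sample: an innocuous-looking extension entry point with a
// payload encoded as Unicode tag characters appended to a comment line.
const hiddenPayload = Array.from('payload-bytes', (c) => String.fromCodePoint(0xe0000 + c.charCodeAt(0))).join('');
const SAMPLE_SOURCE =
  '// extension entry point' + hiddenPayload + '\n' +
  "const vscode = require('vscode');\n" +
  'function activate(context) {}\n' +
  'module.exports = { activate };\n';

console.log(JSON.stringify(assessFile(SAMPLE_SOURCE), null, 2));
```

Running this on the constructed sample reports one run of 13 tag characters at line 1, column 25 and a `block: true` verdict; a file containing a lone zero-width space inside a string is reported but not blocked, which is the right place for a human review rather than an automatic rejection.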