GlassWorm Malware Targets macOS Developers Through Poisoned VS Code Extensions
First macOS-focused wave of GlassWorm malware discovered on Open VSX marketplace, stealing cryptocurrency wallets, Keychain passwords, and developer credentials through trojanized extensions.
A new wave of the GlassWorm malware campaign targets macOS developers exclusively, through malicious Visual Studio Code extensions hosted on Open VSX; it is the first Mac-focused wave from this increasingly sophisticated threat. The extensions had been downloaded more than 50,000 times before they were detected.
The Attack Vector
GlassWorm is being distributed through trojanized extensions on Open VSX, an open-source alternative to Microsoft's official VS Code extension marketplace. Three malicious extensions were identified:
- Prettier Pro: Presented as a customizable code formatting tool
- Two additional extensions masquerading as productivity utilities
The extensions appeared legitimate, passing casual inspection while harboring sophisticated data theft capabilities.
Technical Sophistication
This fourth wave of GlassWorm demonstrates significant evolution from previous iterations:
Platform shift: Every previous GlassWorm wave exclusively targeted Windows. Wave 4 is the first to focus entirely on macOS.
Delayed execution: The malicious code does not run until 15 minutes after the extension loads, long enough to outlast automated sandboxes, which typically execute a sample for only a few minutes.
macOS-native techniques: Instead of PowerShell, the malware uses AppleScript. Instead of Registry modification, it leverages LaunchAgents for persistence.
Blockchain C2: The malware reads its command-and-control instructions from the memo fields of Solana transactions. Because the chain is public and append-only, there is no server to seize; defenders can only block or watch the wallet addresses the malware reads from, which makes takedowns extremely difficult.
Encryption: AES-256-CBC encryption protects communications and exfiltrated data.
What GlassWorm Steals
The malware's data collection capabilities are extensive:
Cryptocurrency Assets
- Browser-based crypto wallet extensions (50+ targeted)
- Desktop wallet applications
- Hardware wallet apps: GlassWorm detects Ledger Live and Trezor Suite, then replaces them with trojanized versions
Developer Credentials
- GitHub tokens and credentials
- NPM authentication tokens
- SSH private keys
System Data
- macOS Keychain passwords
- Browser cookies
- Source code from active projects
The Hardware Wallet Twist
Perhaps most concerning is GlassWorm's new capability to detect and replace hardware wallet applications. When the malware identifies Ledger Live or Trezor Suite on a compromised system, it downloads and installs trojanized versions.
These fake applications can:
- Intercept transaction signing requests
- Steal recovery phrases if entered
- Modify transaction destinations without user awareness
This represents a significant escalation—even users who believe their cryptocurrency is secured by hardware wallets may be vulnerable.
Primary Targets
The campaign focuses on developers in:
- Cryptocurrency and Web3 projects: High-value targets with direct access to digital assets
- Startup environments: Often prioritize speed over security
- Open source contributors: Heavy VS Code usage and trust in community tooling
macOS adoption is particularly high in these communities, explaining the platform shift.
Worm Capabilities
GlassWorm includes self-propagation features. Earlier waves were first identified by their use of "invisible" Unicode characters to hide malicious code inside extension source, and the worm can spread through:
- Compromised npm packages
- Infected Git repositories
- Extension dependency chains
Researchers warn this makes GlassWorm a persistent cross-platform threat with significant supply chain implications.
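Because the earliest GlassWorm waves were caught through the hidden Unicode in their source, a reviewer can run the same check on a local extension tree. The script below is an added example, not tooling from the article, Open VSX or the researchers: the default path `~/.vscode/extensions` and the code-point list are assumptions (the article does not say which characters the worm used), and it matches raw UTF-8 bytes under LC_ALL=C so it works with macOS's grep, which has no -P.

```sh
#!/bin/sh
# Scan a VS Code extension tree for "invisible" Unicode code points that can
# hide code from a human reviewer. Added example, not a tool from the article
# or any vendor. The code-point list is a general one (the article does not
# say which characters GlassWorm used); a hit means open the file in a hex
# editor, not that the extension is infected. U+FEFF (BOM) is left out on
# purpose because many legitimate files start with it.
#
# Usage: sh scan_invisible.sh ~/.vscode/extensions

# grep -E patterns for the UTF-8 byte sequences of each code point. Octal
# escapes keep this POSIX; LC_ALL=C below makes grep match bytes, so the
# bracket ranges are byte ranges and no -P is needed (macOS grep has none).
invisible_patterns() {
    {
        printf '\342\200[\213-\215]\n'  # U+200B..U+200D zero width space / non-joiner / joiner
        printf '\342\201\240\n'         # U+2060 word joiner
        printf '\342\200[\252-\256]\n'  # U+202A..U+202E bidi embedding and override controls
        printf '\342\201[\246-\251]\n'  # U+2066..U+2069 bidi isolate controls
        printf '\302\255\n'             # U+00AD soft hyphen
        printf '\357\270[\200-\217]\n'  # U+FE00..U+FE0F variation selectors
        printf '\363\240[\200\201]\n'   # U+E0000..U+E007F tag characters
        printf '\363\240[\204-\207]\n'  # U+E0100..U+E01EF variation selectors supplement
    } > "$1"
}

# Print "<matching-line-count><TAB><file>" for every source or manifest file
# under $1 that contains at least one of the code points.
scan_for_invisible() {
    pat="$(mktemp)"
    invisible_patterns "$pat"
    find "$1" -type f \( -name '*.js' -o -name '*.mjs' -o -name '*.cjs' \
                        -o -name '*.ts' -o -name '*.json' \) |
    while IFS= read -r f; do
        # grep -c exits 1 when nothing matches; keep the count and move on.
        n=$(LC_ALL=C grep -cE -f "$pat" "$f" || true)
        if [ "${n:-0}" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$f"
        fi
    done
    rm -f "$pat"
}

# Constructed sample tree (not real GlassWorm code): one clean file and one
# whose string literal carries a zero width joiner, U+200D, for a self-check.
write_sample_tree() {
    mkdir -p "$1"
    printf 'const a = 1;\n' > "$1/clean.js"
    printf 'const b = "\342\200\215";\n' > "$1/hidden.js"
}

if [ "$#" -gt 0 ]; then
    scan_for_invisible "$1"
fi
```

Expect some hits in minified vendor bundles (emoji tables, for instance); what matters is a code point sitting inside an identifier or between two statements, which is why the count is reported per file and the file itself is what you open next.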
Detection and Removal
Check installed extensions:
code --list-extensions
Review for unfamiliar extensions, particularly those claiming to be "Pro" versions of popular tools.
Check LaunchAgents, newest first:
ls -lat ~/Library/LaunchAgents/
ls -lat /Library/LaunchAgents/
Look for plist files you did not create, especially recently added ones, and open each to see which program it starts.
Verify wallet applications: If you use Ledger Live or Trezor Suite, verify the application signature and reinstall from official sources.
Rotate credentials: If you suspect compromise, rotate:
- GitHub personal access tokens
- NPM tokens
- SSH keys
- Any passwords stored in Keychain
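The three checks above (extensions, LaunchAgents, wallet-app signatures) as one audit script. This is an added example and not the article's or any vendor's tool. It assumes the `code` CLI is on PATH, an allowlist file of known-good extension IDs at a path of your choosing, and the default install paths `/Applications/Ledger Live.app` and `/Applications/Trezor Suite.app`; the plist it writes for its self-check is constructed for illustration, not a recovered GlassWorm artifact.

```sh
#!/bin/sh
# Audit helpers for the checks above: extensions you did not choose, recently
# changed LaunchAgents, and wallet-app signatures. Added example, not the
# article's or any vendor's tool. Assumptions: the VS Code CLI is on PATH as
# `code`; you keep an allowlist of known-good extension IDs (publisher.name,
# one per line, e.g. `code --list-extensions` from a clean machine; the default
# path below is assumed); Ledger Live and Trezor Suite live under /Applications.
#
# Usage: sh glassworm_audit.sh run [allowlist-file]

# 1. Extensions. Reads installed IDs on stdin (pipe in `code --list-extensions`
#    or a saved list); prints IDs missing from the allowlist, and any ID whose
#    name ends in "pro", the lure used by "Prettier Pro".
audit_extensions() {
    installed="$(mktemp)"
    cat > "$installed"
    grep -Fxiv -f "$1" "$installed" | sed 's/^/NOT-ALLOWLISTED /'
    grep -iE '\.[a-z0-9-]*-?pro$' "$installed" | sed 's/^/PRO-LURE /'
    rm -f "$installed"
}

# 2. LaunchAgents. List plists in $1 changed in the last $2 days (default 30)
#    and show what each one starts, since the path it runs is what you judge.
recent_launch_agents() {
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -name '*.plist' -mtime "-${2:-30}" |
    while IFS= read -r plist; do
        printf '%s\n' "$plist"
        launch_agent_programs "$plist" | sed 's/^/    runs: /'
    done
}

# Pull the Program / ProgramArguments strings out of an XML plist (convert a
# binary one first: plutil -convert xml1 -o - file.plist). awk rather than
# plutil so the same check works on a plist copied off the Mac.
launch_agent_programs() {
    awk '
        /<key>Program<\/key>/          { want = 1; next }
        /<key>ProgramArguments<\/key>/ { inargs = 1; next }
        inargs && /<\/array>/          { inargs = 0 }
        (want || inargs) && /<string>/ {
            s = $0; sub(/.*<string>/, "", s); sub(/<\/string>.*/, "", s)
            print s; want = 0
        }' "$1"
}

# Constructed sample (not a recovered GlassWorm artifact) of the shape to look
# for: a bland label that runs an AppleScript from a hidden directory at login.
write_sample_plist() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/osascript</string>
<string>/Users/dev/.cache/updater.scpt</string>
</array>
<key>RunAtLoad</key><true/>
</dict></plist>
EOF
}

# 3. Wallet apps. A trojanized Ledger Live / Trezor Suite will not carry the
#    vendor's Developer ID signature: verify the seal, print Authority and
#    Team ID to compare with a known-good install, then ask Gatekeeper.
#    Returns non-zero on failure or when not on macOS.
verify_wallet_app() {
    if ! command -v codesign >/dev/null 2>&1; then
        echo "codesign not found; run this on the Mac itself"; return 2
    fi
    [ -d "$1" ] || { echo "not installed: $1"; return 1; }
    codesign --verify --deep --strict "$1" || return 1
    codesign -dvv "$1" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
    spctl --assess --type execute "$1"
}

main() {
    allowlist="${2:-$HOME/.vscode-extension-allowlist}"   # assumed default path
    echo "== extensions not in $allowlist =="
    code --list-extensions | audit_extensions "$allowlist"
    for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents; do
        echo "== plists changed in the last 30 days in $d =="
        recent_launch_agents "$d" 30
    done
    for app in "/Applications/Ledger Live.app" "/Applications/Trezor Suite.app"; do
        echo "== $app =="
        verify_wallet_app "$app" || echo "!! failed; reinstall from the vendor's site"
    done
}

if [ "${1:-}" = run ]; then
    main "$@"
fi
```

Run it on the Mac itself (`sh glassworm_audit.sh run ~/allowlist.txt`); `codesign` and `spctl` exist only there. A verification failure, or a Team ID that differs from the one on a clean install, means reinstall the wallet app from the vendor before touching any wallet, and the LaunchAgent listing tells you which script to collect before you delete it.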
Protection Recommendations
- Source extensions carefully: Prefer Microsoft's official marketplace over alternatives when possible
- Treat extensions as code you are installing: VS Code has no permission model for extensions, so anything you install runs with your full user privileges. Judge an extension by its publisher, source repository, release history and install base rather than by a permission prompt, which it will never show.
- Verify publisher identity: Look for verified publishers and check extension history
- Monitor extension behavior: Use Little Snitch or a similar outbound firewall to watch for unexpected connections. Extensions run inside VS Code's extension host, so connections are attributed to VS Code's helper processes rather than to a named extension; a new outbound destination appearing right after an install is the signal to act on.
- Separate development environments: Consider using containers or VMs for untrusted development work
- Hardware wallet hygiene: Only download wallet applications from official vendor websites; verify signatures
Reporting
Open VSX has urged developers to report suspicious extensions to [email protected]. The malicious extensions have been removed, but new variants may appear.
What's Next
Researchers believe Wave 5 is inevitable. The GlassWorm operators have demonstrated continuous development, cross-platform capabilities, and sophisticated evasion techniques. The supply chain attack vector through VS Code extensions represents a particularly effective approach for targeting developers.
Developers using VS Code on macOS should immediately audit installed extensions and verify the integrity of any cryptocurrency wallet applications.
Related Articles
- GlassWorm Malware Pivots to macOS, Targets Crypto Wallets (Jan 2, 2026): The self-propagating VS Code extension worm now replaces Ledger Live and Trezor Suite with trojanized versions. Russian-speaking operators behind campaign.
- EmEditor Website Compromised to Deliver Infostealer (Jan 4, 2026): Popular text editor's download page was hijacked for four days in December, serving trojanized installers that steal browser credentials and crypto wallets.
- Ledger Data Breach: Payment Processor Compromise Exposes Crypto Wallet Users (Jan 6, 2026): Cryptocurrency hardware wallet maker Ledger confirms customer data exposed after third-party payment processor Global-e suffers cloud system breach.
- MacSync Stealer Bypasses macOS Gatekeeper Using Apple's Own Notarization (Dec 29, 2025): New variant distributed as signed and notarized Swift app evades built-in security. Jamf Threat Labs traces evolution from ClickFix techniques to silent installer approach.