GlassWorm malware targets macOS developers using trojanized VS Code extensions to steal credentials and crypto wallets.

Continue reading
A new wave of the GlassWorm malware is actively targeting macOS systems, with a sharp focus on software developers and cryptocurrency users. The campaign, recently reported by BleepingComputer and backed by fresh threat research from Koi Security, shows a deliberate shift toward supply-chain style attacks delivered through seemingly legitimate developer tools.
Unlike broad phishing campaigns, this operation is quiet, patient, and technically calculated. Its primary objective is credential theft and crypto wallet compromise, achieved by abusing the trust developers place in popular editor extensions.
GlassWorm is not new. Earlier variants were already known for targeting macOS users, but the latest iteration marks a notable escalation in both stealth and intent.
This wave distributes malware through trojanized Visual Studio Code extensions, published via the Open VSX ecosystem. On the surface, these extensions promise productivity features like code formatting, UI themes, or framework helpers. Underneath, they conceal encrypted JavaScript payloads designed to activate only after installation has gone unnoticed.
Once installed, the malware waits approximately 15 minutes before executing. This delay is intentional. It allows the malicious code to bypass automated sandbox analysis and casual inspection, making the extension appear benign during initial checks.
The attack chain is engineered for subtlety rather than speed:
The user installs what appears to be a legitimate VS Code extension from a trusted registry.
After a timed delay, the extension decrypts an embedded payload using AES-256-CBC encryption.
The malware uses AppleScript to create LaunchAgent entries, ensuring it survives reboots and user logouts.
Sensitive data is quietly collected and staged for exfiltration.
This approach avoids noisy exploits and instead relies on native macOS mechanisms, blending into normal system behavior.
The scope of data collection is extensive and clearly optimized for financial and developer account compromise.
Targeted assets include:
In parallel, the malware actively searches for over 50 cryptocurrency wallets, both browser-based and desktop applications. This includes popular wallets such as MetaMask, Phantom, Exodus, Electrum, and official companion apps for hardware wallets.
One of the most concerning findings is GlassWorm’s built-in capability to replace legitimate hardware wallet companion applications with trojanized versions.
While researchers observed that these replacement attempts were failing at the time of analysis due to empty payload downloads, the logic is present and functional. This suggests the attackers are either testing delivery mechanisms or preparing for a future activation.
If successfully deployed, such replacements could trick users into signing malicious transactions while believing they are interacting with trusted software.
GlassWorm also experiments with unconventional infrastructure choices. Instead of relying solely on traditional servers, parts of its command-and-control logic reference Solana blockchain transactions to retrieve attacker-controlled configuration data.
This technique provides resilience. Blockchain-based pointers are harder to takedown, immutable by design, and complicate attribution and disruption efforts by defenders.
The campaign is highly selective.
Primary targets include:
The attackers are betting on a familiar reality: developers install extensions frequently, often without deep inspection, and rarely expect tooling to become the attack vector.
This campaign underscores a broader trend in modern malware operations. Rather than exploiting operating system vulnerabilities, threat actors are exploiting trust.
Trusted developer ecosystems, open extension marketplaces, and everyday productivity tools are becoming ideal delivery channels. The GlassWorm campaign shows how a single compromised extension can silently undermine everything from source code repositories to financial assets.
For macOS users, especially those working in development or crypto-adjacent roles, this attack is a reminder that platform reputation alone is no longer a security guarantee.
Security teams and individual developers should treat this incident as a signal, not an anomaly.
Key precautions include:
In environments where developer endpoints are high-value assets, extension allowlists and endpoint behavior monitoring are no longer optional.
GlassWorm’s latest evolution reflects a mature threat actor mindset. The malware does not rush. It does not announce itself. It embeds, waits, observes, and extracts value with precision.
As developer ecosystems continue to expand and decentralize, attackers will keep following the same path. Not by breaking systems, but by quietly living inside them.
And in that silence, the real damage is done.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation