A new wave of the GlassWorm malware is now targeting macOS developers by hiding malicious code inside fake Visual Studio Code extensions designed to steal cryptocurrency, credentials, and sensitive system data, security researchers at Koi Security warn.
This is the fourth wave of the campaign in just over two months — and the first to focus exclusively on Macs.
Malicious Extensions Hiding In Plain Sight
GlassWorm is distributed through trojanized extensions hosted on the Open VSX marketplace, an open-source alternative to Microsoft’s official Visual Studio Code extension store. The malicious extensions pose as legitimate developer tools, such as code formatters and theme packs.
Koi Security identified three suspicious extensions on Open VSX that together showed more than 50,000 downloads, though researchers caution that download counts can be manipulated to build false trust.
First spotted in October, GlassWorm hid malicious code inside extensions using “invisible” Unicode characters. Subsequent waves replaced this with compiled Rust binaries and expanded the campaign’s reach. Despite being publicly exposed multiple times, the attackers have quickly adapted their techniques and returned with new ones.
“The GlassWorm actor isn’t just persistent – they’re evolving. And now they’re coming for your Mac,” the researchers warned in a blog post published on Monday.
Why Are Attackers Targeting Macs Now?
Previous versions of the GlassWorm malware focused on Windows users and relied on different techniques to evade detection. Researchers say the attackers are deliberately targeting macOS because developers — particularly those working in crypto, Web3, and start-up environments — overwhelmingly use Macs, making them high-value targets for gaining access to cryptocurrency wallets, source code, and developer credentials.
Unlike earlier Windows-focused versions, the new GlassWorm variant is built specifically for macOS. It uses AppleScript instead of PowerShell, relies on LaunchAgents for persistence instead of Registry keys and Scheduled Tasks, and directly targets the macOS Keychain to extract stored passwords.
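As an added defensive example (not Koi Security's code, and not published indicators), the following script audits a user's LaunchAgents directory for the combination the article describes: an agent that launches osascript (AppleScript) or whose program lives under an editor-extension path, and that starts at every login. The extension-directory markers and the sample plists are constructed assumptions.

```python
"""Audit macOS LaunchAgent plists for traits associated with the GlassWorm macOS
variant: AppleScript execution started from an editor-extension path at login.
Heuristics and sample inputs below are constructed, not indicators from the report."""
import plistlib
from pathlib import Path

# Assumed heuristics: scripting runner names and extension-directory fragments.
SCRIPT_RUNNERS = ("osascript",)
EXTENSION_DIR_MARKERS = ("/.vscode/extensions/", "/.vscode-oss/extensions/")

# Constructed sample plists so the audit can be exercised offline.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
<string>/usr/bin/osascript</string>
<string>/Users/dev/.vscode/extensions/fake-theme-1.0.0/update.scpt</string>
</array>
<key>RunAtLoad</key><true/>
</dict></plist>"""
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.sync</string>
<key>ProgramArguments</key><array><string>/Applications/Sync.app/Contents/MacOS/sync</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

def plist_findings(data: bytes) -> list[str]:
    """Return the reasons one LaunchAgent plist looks suspicious (empty if none)."""
    try:
        plist = plistlib.loads(data)
    except Exception:  # malformed XML or binary plist: worth a look by itself
        return ["unparseable plist"]
    args = list(plist.get("ProgramArguments") or [])
    if plist.get("Program"):
        args.insert(0, plist["Program"])
    findings = []
    if any(Path(str(a)).name in SCRIPT_RUNNERS for a in args):
        findings.append("runs osascript")
    if any(m in str(a) for a in args for m in EXTENSION_DIR_MARKERS):
        findings.append("program path inside an editor extension directory")
    if findings and plist.get("RunAtLoad"):
        findings.append("RunAtLoad set (starts at every login)")
    return findings

def audit_launch_agents(directory: Path) -> dict[str, list[str]]:
    """Map each flagged *.plist file in a LaunchAgents directory to its findings."""
    report = {}
    for path in sorted(directory.glob("*.plist")):
        if findings := plist_findings(path.read_bytes()):
            report[path.name] = findings
    return report

if __name__ == "__main__":
    for name, why in audit_launch_agents(Path.home() / "Library/LaunchAgents").items():
        print(f"{name}: {'; '.join(why)}")
```

A hit is a lead to inspect by hand, not proof of compromise; legitimate tooling can also run osascript from a LaunchAgent.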
“This isn’t a lazy port,” Koi Security noted. “The attacker knows macOS. This is professional work.”
A Stealthier Delivery Method
The latest GlassWorm payload is encrypted using AES-256-CBC and embedded inside compiled JavaScript within the extension itself. Once installed, it delays execution for 15 minutes before activating — long enough to evade automated security sandboxes, which often stop monitoring after five minutes.
For command-and-control, GlassWorm continues to rely on the Solana blockchain. By embedding command-and-control (C2) server addresses in blockchain transaction memos, the malware can retrieve instructions without relying on traditional servers that can be easily blocked or shut down.
Hardware Wallets At Risk
GlassWorm also introduces code to replace legitimate hardware wallet apps such as Ledger Live and Trezor Suite with trojanized versions. While this feature is not fully active yet, researchers say it could be enabled at any time.
Even without it, the malware remains highly dangerous, targeting over 50 browser-based and desktop cryptocurrency wallets, stealing GitHub and npm credentials, copying SSH keys, harvesting browser cookies, and exfiltrating macOS Keychain data.
What Developers Should Do
Security experts believe GlassWorm is becoming a persistent, cross-platform threat. Developers who may have installed the malicious extensions are strongly advised to remove them immediately, reset compromised credentials, and revoke access tokens; in some cases, a full system reinstall may be the safest option.
As GlassWorm continues to evolve, the campaign underscores how modern software supply chains are increasingly being abused — reminding users that even tools from well-known marketplaces can carry hidden risks and must be treated with caution.
