GlassWorm’s macOS Gambit: The Invisible Worm Draining Developer Wallets via Open VSX
A new wave of malicious extensions has been uncovered in the Open VSX extension marketplace, which is used by millions of developers worldwide. Researchers at Koi Security warn that attackers are seeding the catalog with seemingly “useful” plugins that, in reality, steal cryptocurrency, passwords, and other sensitive data. Notably, this latest campaign targets macOS users exclusively.
The discovery was disclosed by Koi Security, whose analysts report that this marks the fourth wave of a self-propagating malware strain they have dubbed GlassWorm. Although the campaign began only around two and a half months ago, it has already compromised thousands of devices before the malicious extensions were removed from the marketplace.
The attack follows a well-orchestrated pattern. Threat actors publish extensions on Open VSX disguised as productivity-enhancing tools. Open VSX is an open extension marketplace for Visual Studio Code and many of its forks, including Cursor, which is particularly popular among developers working in a “vibe coding” style. Once installed, the extension does not reveal its true nature immediately. Instead, it lies dormant for approximately 15 minutes, a delay designed to evade automated sandbox systems that typically observe application behavior for only a few minutes.
After this waiting period, the core payload is activated. In the latest iteration, the malicious code is embedded within the extension’s JavaScript files and further encrypted. This represents a departure from earlier versions of GlassWorm, which, according to researchers, primarily targeted Windows systems and relied on different obfuscation techniques. The current operators have clearly adapted the malware for macOS, prioritizing stealth and persistence.
Why macOS? Koi Security’s explanation is straightforward. Developers in the cryptocurrency, web3, and startup ecosystems frequently work on macOS—environments where victims are more likely to possess digital wallets, tokens, and access to critical infrastructure. Researchers estimate that at least three infected extensions briefly appeared on Open VSX, collectively amassing around 50,000 downloads. One was masquerading as “Prettier Pro,” purportedly an advanced code formatter, while the other two also appeared to be ordinary developer utilities.
GlassWorm itself is purpose-built to steal crypto assets and credentials. It scans infected systems for hardware wallet applications such as Ledger Live and Trezor Suite and attempts to replace them with trojanized versions. Even in the absence of hardware wallets, the malware is capable of targeting dozens of browser extensions and desktop wallets, including MetaMask, Phantom, Coinbase Wallet, and Exodus. At the same time, it harvests GitHub tokens, git credentials, NPM tokens, entire SSH directories, passwords from the macOS keychain, database files, VPN configurations, cookies, and browser local storage data.
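The inventory above is also the rotation list for anyone who installed one of these extensions. The following Python script is an added example, not code from the article or from Koi Security: it reads the standard locations of those secrets on a Mac (~/.npmrc, ~/.git-credentials, ~/.ssh and GitHub CLI's hosts.yml, all assumed paths) and produces a checklist naming the registries, hosts and key files involved without ever printing a token. The sample home directory it builds is constructed data with fake values; the keychain, browser profiles and wallets are emitted as fixed reminders rather than read.

```python
"""Secret-free rotation checklist for a developer Mac. Added example, not code
from the article or from Koi Security. It reads the files where credential
types the article names normally live (NPM tokens in .npmrc, git credentials
saved by the 'store' helper, SSH private keys, GitHub CLI OAuth tokens) and
reports owners and hosts without returning secret values. Paths and formats
are the standard ones but are assumptions; the keychain and browser profiles
are deliberately not read."""
import re, tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Matches lines such as  //registry.npmjs.org/:_authToken=npm_...
NPM_TOKEN_RE = re.compile(r"^\s*//(?P<registry>[^/:\s]+)\S*:_authToken\s*=", re.M)

def npm_registries_with_tokens(npmrc_text: str) -> list[str]:
    """Registries that have an auth token in .npmrc (token values discarded)."""
    return sorted({m.group("registry") for m in NPM_TOKEN_RE.finditer(npmrc_text)})

def git_credential_identities(text: str) -> list[str]:
    """user@host for every URL in .git-credentials; the password part is dropped."""
    ids = []
    for line in text.splitlines():
        parts = urlsplit(line.strip())
        if parts.hostname and parts.username is not None:
            ids.append(f"{parts.username}@{parts.hostname}")
    return ids

def ssh_private_keys(ssh_dir: Path) -> list[str]:
    """Files under ssh_dir whose first line is a PEM/OpenSSH private-key header."""
    keys = []
    for f in (sorted(ssh_dir.iterdir()) if ssh_dir.is_dir() else []):
        if f.is_file():
            with f.open("r", errors="ignore") as fh:
                first = fh.readline()
            if first.startswith("-----BEGIN") and "PRIVATE KEY" in first:
                keys.append(f.name)
    return keys

def gh_cli_hosts(hosts_yml: str) -> list[str]:
    """Top-level hosts in GitHub CLI's hosts.yml that carry an oauth_token."""
    hosts, current = set(), None
    for line in hosts_yml.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]                 # e.g. "github.com:"
        elif current and line.strip().startswith("oauth_token:"):
            hosts.add(current)
    return sorted(hosts)

def rotation_checklist(home: Path) -> list[str]:
    """Secret-free actions for a machine that ran a GlassWorm extension."""
    items = []
    npmrc = home / ".npmrc"
    if npmrc.is_file():
        items += [f"revoke npm token for {r}" for r in
                  npm_registries_with_tokens(npmrc.read_text(errors="ignore"))]
    creds = home / ".git-credentials"
    if creds.is_file():
        items += [f"rotate git credential {i}" for i in
                  git_credential_identities(creds.read_text(errors="ignore"))]
    items += [f"replace SSH key {k} and remove its public half from every host and Git account"
              for k in ssh_private_keys(home / ".ssh")]
    gh_hosts = home / ".config" / "gh" / "hosts.yml"
    if gh_hosts.is_file():
        items += [f"revoke GitHub CLI OAuth token for {h}" for h in
                  gh_cli_hosts(gh_hosts.read_text(errors="ignore"))]
    # Data the article lists that no file parser can enumerate safely.
    items += ["change every password stored in the macOS login keychain",
              "sign out all browser sessions: cookies and local storage were taken",
              "move funds out of any wallet that was unlocked on this machine"]
    return items

def sample_home() -> Path:
    """Constructed sample home directory holding fake, non-functional secrets."""
    home = Path(tempfile.mkdtemp(prefix="glassworm-demo-"))
    (home / ".ssh").mkdir()
    (home / ".config" / "gh").mkdir(parents=True)
    files = {
        ".npmrc": "registry=https://registry.npmjs.org/\n"
                  "//registry.npmjs.org/:_authToken=npm_FAKE000\n"
                  "//npm.pkg.github.com/:_authToken=ghp_FAKE000\n",
        ".git-credentials": "https://alice:ghp_FAKE000@github.com\n",
        ".ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nFAKE\n",
        ".ssh/id_ed25519.pub": "ssh-ed25519 AAAAFAKE alice\n",
        ".config/gh/hosts.yml": "github.com:\n    user: alice\n    oauth_token: gho_FAKE000\n",
    }
    for rel, text in files.items():
        (home / rel).write_text(text)
    return home

def demo() -> list[str]:
    return rotation_checklist(sample_home())

if __name__ == "__main__":
    for item in rotation_checklist(Path.home()):
        print("-", item)
```

Run it on the affected machine as the affected user; because nothing it prints is a secret, the output can go straight into the incident ticket. Revoke tokens at the issuer (npm, GitHub) rather than just deleting the local file, since the attacker already has the copy that matters.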
Researchers also highlight an unusual command-and-control mechanism. Rather than hard-coding a domain, the malware reads its server addresses from the Solana blockchain, where the attackers publish encoded URLs in the memo field of transactions, the free-text note a sender can attach to a transfer. Because that lookup is a read of public ledger data, it cannot be disrupted by domain blocking or hosting takedowns, and the operators can move the C2 simply by publishing a new transaction, which makes the threat significantly more resilient, according to Koi Security.
In this fourth wave, the attackers reportedly reused the same infrastructure as in earlier waves, including the IP address 45.32.151.157 as the primary command-and-control server. That reuse is the practical handle for defenders: block the address at the egress firewall and search proxy, firewall and EDR network logs for past connections to it, while remembering that the blockchain lookup lets the operators swap the address at any time. Researchers believe GlassWorm is steadily evolving into a disruption-resistant, cross-platform threat and anticipate further waves, as the operators rapidly adapt their tactics following public disclosures.
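Removal from the catalog does not touch the copies already installed under ~/.vscode/extensions and ~/.cursor/extensions. The Python script below is an added example, not code from the article or from Koi Security: it walks those directories and flags three traits described above, a reference to the reported C2 address 45.32.151.157, a setTimeout/setInterval delay of ten minutes or more (which catches the 15-minute sleep), and strings naming the wallets and credential files the malware goes after. The directory paths, the ten-minute threshold, the string list and the two sample extensions it builds are assumptions or constructed data. The fourth-wave payload is encrypted inside the JavaScript, so these strings may not appear in plaintext; a clean result is a reason to look further, not a clean bill of health.

```python
"""Triage scan of installed VS Code / Cursor extensions. Added example, not code
from the article or from Koi Security. Heuristics from the article: a reference
to the reported C2 address 45.32.151.157, a setTimeout/setInterval delay of ten
minutes or more (the 15-minute sandbox-evasion sleep), and strings naming the
wallet apps and credential files targeted. Hits are leads, not verdicts; the
paths, threshold and string list are assumptions."""
import json, re, tempfile
from pathlib import Path

C2_IP = "45.32.151.157"                   # reported in the article
MIN_SUSPICIOUS_DELAY_MS = 10 * 60 * 1000  # assumption: anything >= 10 min gets flagged
TARGET_STRINGS = ["Ledger Live", "Trezor Suite", "MetaMask", "Phantom", "Coinbase Wallet",
                  "Exodus", ".ssh", ".npmrc", ".git-credentials", "keychain"]
TIMER_CALL_RE = re.compile(r"\bset(?:Timeout|Interval)\s*(?=\()")
DEFAULT_ROOTS = [Path.home() / ".vscode" / "extensions", Path.home() / ".cursor" / "extensions"]

def _call_args(src: str, start: int) -> list[str]:
    """Split the argument list of the call whose '(' is at src[start] on top-level commas."""
    depth, args, cur = 1, [], []
    for ch in src[start + 1:]:              # src[start] is the call's own '('
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:                  # the call's closing ')'
                return args + ["".join(cur).strip()]
        if ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    return args                             # unterminated call: return what we have

def literal_ms(expr: str):
    """Evaluate a delay written only as integer literals joined by '*'; None otherwise."""
    parts = [p.strip() for p in expr.split("*")]
    if not all(p.isdigit() for p in parts):
        return None
    total = 1
    for p in parts:
        total *= int(p)
    return total

def long_timers(src: str) -> list[int]:
    """Literal delays (ms) >= MIN_SUSPICIOUS_DELAY_MS passed to setTimeout/setInterval."""
    found = []
    for m in TIMER_CALL_RE.finditer(src):
        args = _call_args(src, m.end())
        ms = literal_ms(args[1]) if len(args) >= 2 else None
        if ms is not None and ms >= MIN_SUSPICIOUS_DELAY_MS:
            found.append(ms)
    return found

def scan_extension(ext_dir: Path) -> list[dict]:
    """Run every heuristic over one extension directory and return its findings."""
    try:
        meta = json.loads((ext_dir / "package.json").read_text(errors="ignore"))
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', ext_dir.name)}"
    except (OSError, ValueError):
        ext_id = ext_dir.name
    findings = []
    for js in sorted(ext_dir.rglob("*.js")):
        src, rel = js.read_text(errors="ignore"), str(js.relative_to(ext_dir))
        if C2_IP in src:
            findings.append({"ext": ext_id, "file": rel, "kind": "c2_ip", "detail": C2_IP})
        for ms in long_timers(src):
            findings.append({"ext": ext_id, "file": rel, "kind": "long_timer", "detail": f"{ms // 60000} min"})
        if hits := [s for s in TARGET_STRINGS if s in src]:
            findings.append({"ext": ext_id, "file": rel, "kind": "target_refs", "detail": ", ".join(hits)})
    return findings

def scan_roots(roots) -> list[dict]:
    """Scan every extension directory under each root that exists."""
    return [f for root in map(Path, roots) if root.is_dir()
            for d in sorted(root.iterdir()) if d.is_dir() for f in scan_extension(d)]

def sample_root() -> Path:
    """Constructed extension root: one extension with GlassWorm-like traits, one benign."""
    root = Path(tempfile.mkdtemp(prefix="ext-demo-"))
    files = {
        "example-publisher.prettier-pro-1.0.0/package.json":
            '{"name": "prettier-pro", "publisher": "example-publisher"}',
        "example-publisher.prettier-pro-1.0.0/extension.js":
            'const c2 = "http://45.32.151.157/";\n'
            'function stage2() { /* would read ~/.ssh and look for Ledger Live */ }\n'
            'exports.activate = () => setTimeout(stage2, 15 * 60 * 1000);\n',
        "example-publisher.hello-0.1.0/package.json":
            '{"name": "hello", "publisher": "example-publisher"}',
        "example-publisher.hello-0.1.0/extension.js":
            'exports.activate = () => setTimeout(() => console.log("hi", 1), 500);\n',
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_text(text)
    return root

def demo() -> list[dict]:
    return scan_roots([sample_root()])

if __name__ == "__main__":
    for f in scan_roots(DEFAULT_ROOTS):
        print(f"{f['ext']:40} {f['kind']:12} {f['file']}: {f['detail']}")
```

A hit on the C2 address is strong on its own. A long timer or a handful of target strings is a weak signal that ordinary extensions (a status-bar clock, a wallet-integration plugin) can produce, so treat those as a reason to read the extension's code, not as a conclusion.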
If you suspect that an extension on Open VSX may be malicious or vulnerable, the marketplace’s maintainers ask that you report it to openvsx@eclipse-foundation.org.