GlassWorm Malware Returns with MacOS-focused Attack via VS Code Extensions

Despite public disclosure and additional safeguards, the malware resurfaced again in early December on the VS Code marketplace.


A fourth wave of the GlassWorm malware campaign is targeting macOS developers through malicious extensions distributed on the OpenVSX registry and the Microsoft Visual Studio Marketplace, according to researchers at Koi Security. 

The campaign involves compromised extensions designed for VS Code-compatible editors. These extensions, which typically add productivity tools or language support, have been weaponised to deliver malware that steals developer credentials and cryptocurrency data.

GlassWorm was first identified in October after being hidden inside extensions using invisible Unicode characters. Once installed, the malware attempted to harvest login details for GitHub, npm and OpenVSX accounts, as well as data from cryptocurrency wallet extensions. 

It also enabled remote access via VNC and allowed attackers to route traffic through infected systems using a SOCKS proxy. Despite public disclosure and additional safeguards, the malware resurfaced in early November on OpenVSX and again in early December on the VS Code marketplace. 

In the latest campaign, researchers observed a shift in tactics. The new wave targets macOS systems exclusively, unlike earlier versions that focused on Windows. The malware now uses an AES-256-CBC encrypted payload embedded in compiled JavaScript within OpenVSX extensions, rather than invisible Unicode characters or compiled Rust binaries.

The identified extensions include "studio velte distributor pro svelte extension", "cudra production vsce prettier pro" and "puccin development full access catppuccin pro extension". The malicious code activates after a 15-minute delay, likely to avoid detection in automated analysis environments.

Persistence is achieved through macOS LaunchAgents, and AppleScript is used instead of PowerShell. The campaign continues to rely on a Solana blockchain-based command and control mechanism, with infrastructure overlaps seen across earlier waves.

Koi Security said the malware now attempts to extract macOS Keychain passwords and checks for installed hardware wallet applications such as Ledger Live and Trezor Suite. 

If found, it attempts to replace them with trojanised versions. Researchers noted that this feature is currently not functioning as intended, with the substituted wallet files appearing empty. 

According to Koi Security, all other malicious capabilities remain active, including credential theft, data exfiltration and system persistence. 

OpenVSX has flagged warnings for two of the identified extensions, citing unverified publishers. While download figures show more than 33,000 installs, researchers warned that such metrics are often inflated to create a false sense of legitimacy. 

Developers who installed any of the affected extensions are advised to remove them immediately, reset GitHub passwords, revoke npm access tokens and check systems for compromise. Reinstalling the operating system may be necessary in cases of confirmed infection.
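As an added example (not code from the article or from Koi Security), the following read-only triage script covers the first and last of the steps above on a macOS developer machine: it looks for installed extensions whose folder names match the three extension names the article lists, and it enumerates user LaunchAgents so unexpected persistence entries can be reviewed, flagging any that invoke AppleScript via `osascript` since the article reports AppleScript use. It assumes extension folders live under `~/.vscode/extensions` and `~/.vscode-oss/extensions` and that user LaunchAgents live under `~/Library/LaunchAgents`; the article does not give the exact marketplace identifiers of the extensions, so matching is done on normalised names (letters and digits only), and the sample folder names and sample plist embedded below are constructed for demonstration, not real indicators.

```python
"""Read-only triage for the GlassWorm extension wave described in the article.
Added example; paths and sample data are assumptions, not facts from the article."""
import os
import plistlib
import re
from pathlib import Path

# Extension names exactly as the article gives them; spacing and punctuation
# may differ from the real marketplace identifiers, hence the normalised match.
REPORTED_EXTENSIONS = [
    "studio velte distributor pro svelte extension",
    "cudra production vsce prettier pro",
    "puccin development full access catppuccin pro extension",
]

# Assumed locations (VS Code, and VSCodium/OpenVSX-based editors).
EXTENSION_DIRS = [Path.home() / ".vscode" / "extensions",
                  Path.home() / ".vscode-oss" / "extensions"]
LAUNCH_AGENT_DIR = Path.home() / "Library" / "LaunchAgents"  # assumed location

# Constructed sample input so the script can be exercised offline.
SAMPLE_FOLDERS = [
    "ms-python.python-2024.1.0",                           # constructed, benign
    "studio-velte.distributor-pro-svelte-extension-1.0.0",  # constructed match
    "esbenp.prettier-vscode-10.0.0",                        # constructed, benign
    "cudra-production.vsce-prettier-pro-0.0.3",             # constructed match
]
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array><string>/usr/bin/osascript</string><string>/tmp/example.scpt</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""  # constructed sample, not a real GlassWorm artefact


def normalise(name: str) -> str:
    """Reduce a name to lowercase letters and digits so 'studio-velte.x-1.0.0'
    and 'studio velte x' compare on the same footing."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def match_reported(folder_names):
    """Return the folder names whose normalised form contains a reported name."""
    wanted = [normalise(n) for n in REPORTED_EXTENSIONS]
    return [f for f in folder_names if any(w in normalise(f) for w in wanted)]


def find_installed(dirs=EXTENSION_DIRS):
    """Scan the assumed extension directories for reported extension folders."""
    hits = []
    for d in dirs:
        if d.is_dir():
            hits += [str(d / f) for f in match_reported(os.listdir(d))]
    return hits


def summarise_launch_agent(plist_bytes: bytes) -> dict:
    """Pull out the fields a reviewer needs from a LaunchAgent plist: its label,
    what it runs, whether it starts at login, and whether it calls osascript
    (a heuristic based on the article's note that AppleScript is used)."""
    p = plistlib.loads(plist_bytes)
    program = p.get("ProgramArguments") or ([p["Program"]] if "Program" in p else [])
    return {
        "label": p.get("Label", "?"),
        "program": program,
        "run_at_load": bool(p.get("RunAtLoad", False)),
        "uses_applescript": any("osascript" in str(a) for a in program),
    }


def list_launch_agents(directory=LAUNCH_AGENT_DIR):
    """Summarise every user LaunchAgent; unreadable files are reported, not skipped."""
    out = []
    if directory.is_dir():
        for f in sorted(directory.glob("*.plist")):
            try:
                out.append((str(f), summarise_launch_agent(f.read_bytes())))
            except Exception as e:  # malformed plist is itself worth a look
                out.append((str(f), {"error": str(e)}))
    return out


if __name__ == "__main__":
    print("Sample folder matches:", match_reported(SAMPLE_FOLDERS))
    print("Sample LaunchAgent:", summarise_launch_agent(SAMPLE_PLIST))
    print("Installed matches on this machine:", find_installed())
    for path, info in list_launch_agents():
        flag = " <-- review" if info.get("uses_applescript") else ""
        print(path, info, flag)
```

The script only reads; removal of a flagged extension, password resets and token revocation remain manual steps, and a LaunchAgent that calls `osascript` is a prompt for review rather than proof of infection.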