MacOS developers targeted with crypto-stealing worms on Open VSX


Hackers have contaminated the Open VSX marketplace, which is used by millions of developers, with malware that steals cryptocurrency, credentials, and other sensitive data. The latest wave of malicious extensions is targeting macOS users exclusively.

Researchers at Koi Security warn of a new wave of the dangerous self-replicating malware dubbed GlassWorm, already the fourth since the worm first became active about two and a half months ago.

It automatically injects itself into detected packages on compromised machines. The threat actor disseminates malicious extensions on Open VSX, which is an open-source extension marketplace for Visual Studio Code and various other forked code editors, including Cursor, often used by vibe coders.


Initially, the malware, first identified in October, focused on Windows systems. However, this new variant targets Apple macOS. In a very short period, malicious extensions infected thousands of machines before being taken down.

Koi researchers detected three extensions on the Open VSX marketplace with 50,000 downloads already. One of them claimed to be a “Prettier Pro,” a smart and customizable code formatting extension. The other two also pretended to be helpful productivity-boosting developer tools.


“The GlassWorm actor isn’t just persistent – they're evolving. And now they're coming for your Mac,” the report about GlassWorm reads.

Koi warns that the updated malicious payload is stealthy, purpose-built, and professional, employing platform-specific techniques.

But why Macs?

“The attacker is fishing where the fish are,” the researchers explain. “Developers use Macs. Especially in crypto, web3, and startup environments – exactly the victims GlassWorm wants to compromise.”

What is GlassWorm capable of?


The latest version of the malware ships AES-256-CBC-encrypted and embedded inside the JavaScript file that comes with the infected extension. This differs from the three prior Windows-focused waves, which relied on invisible Unicode characters and compiled Rust binaries.


Once the malicious extension is installed, it will wait 15 minutes before executing the payload. This helps evade dynamic analysis and detection by most automated sandbox environments, which time out after five minutes.

Hackers use the Solana blockchain to control the malware, posting transaction memos that contain base64-encoded URLs pointing to the current command server. Because the chain is immutable, this control channel cannot be taken down.

Once the malware finds the current command and control (C2) endpoint, it checks for existing hardware cryptocurrency wallet applications, such as Ledger Live and Trezor Suite, and replaces them with trojanized versions.

Even without hardware wallets, the worm can be devastating, as it is capable of targeting over 50 browser extensions and desktop wallets, including MetaMask, Phantom, Coinbase Wallet, Exodus, and many others.

Has my data been leaked?

For replication, it steals GitHub tokens, git credentials, NPM tokens, and the entire SSH directory. It also exfiltrates macOS Keychain passwords, raw database files, VPN configurations, browser cookies, and local storage from various browsers.
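As an added example that is not part of the Cybernews report or Koi's research, the following Python script hunts a developer machine for the indicators the article describes: invisible Unicode characters hidden in extension JavaScript (the technique of the earlier Windows waves), a long base64 run that decodes to a non-text blob (consistent with an AES-256-CBC-encrypted payload embedded in the extension's JavaScript, as in the macOS wave), and any reference to the reported C2 address 45.32.151.157. The extension directories (~/.vscode/extensions and ~/.cursor/extensions), the 400-character blob threshold, the 80% printable-byte cut-off and the two sample files are assumptions and constructed test data, not values from the report.

```python
"""Hunt for GlassWorm-style indicators in installed editor extensions (added example)."""
import base64
import re
from pathlib import Path

# IP the article reports as the primary C2 shared by the infection waves
C2_INDICATORS = {"45.32.151.157"}

# Zero-width / invisible code points that can hide code in otherwise readable source
INVISIBLE_CHARS = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
# Variation selectors and Unicode "tag" characters, also invisible when rendered
INVISIBLE_RANGES = [(0xFE00, 0xFE0F), (0xE0000, 0xE007F), (0xE0100, 0xE01EF)]

# A run of 400+ base64 characters is far longer than normal minified JS identifiers
# (threshold is an assumption chosen for this example)
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")

# Extension folders of VS Code and Cursor (assumed default locations)
DEFAULT_EXTENSION_DIRS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".cursor" / "extensions",
]


def count_invisible(text):
    """Count code points that render invisibly but survive in the source file."""
    total = 0
    for ch in text:
        cp = ord(ch)
        if ch in INVISIBLE_CHARS or any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
            total += 1
    return total


def find_base64_blobs(text, max_printable=0.8):
    """Return (offset, decoded_size) for long base64 runs that decode to non-text bytes.

    Encrypted payloads decode to high-entropy binary, so a low printable ratio is
    the signal; base64-encoded images also match and should be triaged by hand.
    """
    blobs = []
    for m in BASE64_RUN.finditer(text):
        run = m.group(0).rstrip("=")
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
        except (ValueError, base64.binascii.Error):
            continue
        printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw) / max(len(raw), 1)
        if printable < max_printable:
            blobs.append((m.start(), len(raw)))
    return blobs


def scan_source(text):
    """Apply all three heuristics to one JavaScript file's contents."""
    findings = []
    invisible = count_invisible(text)
    if invisible:
        findings.append(f"{invisible} invisible Unicode characters")
    for offset, size in find_base64_blobs(text):
        findings.append(f"base64 blob at offset {offset} decoding to {size} non-text bytes")
    for ioc in C2_INDICATORS:
        if ioc in text:
            findings.append(f"reference to reported C2 {ioc}")
    return findings


def scan_extension_dirs(dirs=None):
    """Walk the extension folders and report every JS file with findings."""
    report = {}
    for directory in dirs or DEFAULT_EXTENSION_DIRS:
        if not directory.is_dir():
            continue
        for js in directory.rglob("*.js"):
            try:
                # utf-8-sig drops a leading BOM so it is not counted as U+FEFF
                text = js.read_text(encoding="utf-8-sig", errors="replace")
            except OSError:
                continue
            findings = scan_source(text)
            if findings:
                report[str(js)] = findings
    return report


# Constructed samples standing in for a benign and a suspicious extension file.
SAMPLE_CLEAN = "const fmt = require('./formatter');\nmodule.exports = { activate() { fmt.run(); } };\n"
_FAKE_BLOB = base64.b64encode(bytes(range(256)) * 2).decode()  # 512 non-text bytes
SAMPLE_SUSPICIOUS = (
    "const k = 'a\u200bb\u200bc\u200b';\n"
    f"const payload = '{_FAKE_BLOB}';\n"
    "const host = 'http://45.32.151.157/';\n"
)

if __name__ == "__main__":
    for path, findings in scan_extension_dirs().items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Run it on a workstation to get a list of extension files worth a closer look; every hit should be triaged manually, since legitimate extensions that embed base64 images or fonts will trip the blob heuristic.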

“All other malicious functionality (credential theft, keychain access, data exfiltration, persistence) remains fully operational,” the Koi researchers said.

“The pattern is clear. Each time we expose their techniques, they adapt.”


The fourth wave of malware infections shared the same infrastructure (IP address 45.32.151.157, used as primary C2).

The researchers believe that GlassWorm is becoming a persistent cross-platform threat, and they’re highly confident Wave 5 will follow.

“When C2 infrastructure lives on an immutable blockchain, there's no domain to blacklist. When the attacker reads your research and ships new techniques within weeks, signature-based detection is always one step behind,” the report concludes.

To report malicious or vulnerable extensions, connect with Open VSX at [email protected].
