A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times.

GlassWorm attacks first appeared in late October, hiding the malicious code using “invisible” Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying.

Over time and across multiple attack waves, GlassWorm impacted both Microsoft’s official Visual Studio Code marketplace and its open-source alternative for unsupported IDEs, OpenVSX.

In a previous campaign, GlassWorm showed signs of evolution, targeting macOS systems, and its developers were working to add a replacement mechanism for the Trezor and Ledger apps.

A new report from Socket’s security team describes a new campaign that relied on trojanizing the following extensions:

• oorzc.ssh-tools v0.5.1
• oorzc.i18n-tools-plus v1.6.8
• oorzc.mind-map v1.0.61
• oorzc.scss-to-css-compile v1.3.4

The malicious updates were pushed on January 30, and Socket reports that the extensions had been innocuous for two years. This suggests that the oorzc account was most likely compromised by GlassWorm operators.

According to the researchers, the campaign targets macOS systems exclusively, pulling instructions from Solana transaction memos. Notably, Russian-locale systems are excluded, which may hint at the origin of the attacker.

GlassWorm loads a macOS information stealer that establishes persistence on infected systems via a LaunchAgent, enabling execution at login.

It harvests browser data across Firefox and Chromium, wallet extensions and wallet apps, macOS keychain data, Apple Notes databases, Safari cookies, developer secrets, and documents from the local filesystem, and exfiltrates everything to the attacker's infrastructure at 45.32.150[.]251.

Socket reported the packages to the Eclipse Foundation, the operator of the Open VSX platform, and the security team confirmed unauthorized publishing access, revoked tokens, and removed the malicious releases.

The only exception is oorzc.ssh-tools, which was removed completely from Open VSX due to discovering multiple malicious releases.

Currently, versions of the affected extensions on the market are clean, but developers who downloaded the malicious releases should perform a full system clean-up and rotate all their secrets and passwords.