Executive Summary
In late 2025 and into January 2026, a new wave of the "GlassWorm" malware campaign targeted macOS developers through the Visual Studio Code and OpenVSX extension marketplaces. Malicious extensions carrying AES-256-CBC-encrypted JavaScript payloads were uploaded using covert techniques. Once installed, the malware stole sensitive credentials, including GitHub, npm and cryptocurrency wallet data, and established persistence via AppleScript and LaunchAgents. It also attempted to replace the companion apps of popular hardware wallets, Ledger Live and Trezor Suite, with trojanized versions, although that payload failed because the attacker's infrastructure was incomplete. Over 33,000 installs were recorded, potentially affecting individual developers and any organization whose software supply chain runs through their workstations.
Earlier GlassWorm waves targeted Windows; this one extends the campaign to macOS, signalling a rising trend of sophisticated supply chain attacks against developer tooling. The incident is a reminder to scrutinize third-party plugins closely, and it adds urgency to stronger extension vetting, threat detection and least-privilege controls.
Why This Matters Now
The GlassWorm campaign highlights the urgent risk posed by trojanized open-source developer tools on trusted marketplaces. With the proliferation of supply chain attacks, rapid adoption of BYOD, and increasing value of developer credentials, defending against malicious extensions has become a critical priority for organizations building and securing code on macOS.
Attack Path Analysis
The GlassWorm campaign began with a supply chain compromise: trojanized VSCode/OpenVSX extensions installed by the targeted developers. Once running, the malware established persistence through LaunchAgents and used the developer's own privileges to read sensitive application data and keychain secrets. It then checked for installed hardware wallet companion apps (Ledger Live, Trezor Suite) in preparation for replacing them with trojanized versions; from a compromised developer workstation, the stolen GitHub and npm tokens also offer a path into the repositories and package registries the organization depends on. Command-and-control traffic was carried over an encrypted, blockchain-based (Solana) channel, which blends in with ordinary HTTPS traffic to a public service and so evades simple detection. Stolen credentials, crypto wallet data and keychain secrets were exfiltrated to attacker-controlled infrastructure. The stealer component was fully operational, but the impact phase (active theft from hardware wallets) was limited in this wave because the wallet-replacement payload was incomplete; credential theft and data loss still occurred.
Kill Chain Progression
Initial Compromise
Description
Developers installed malicious VSCode/OpenVSX extensions whose JavaScript carried AES-256-CBC-encrypted GlassWorm payloads, decrypted at runtime, giving the attacker initial code execution on macOS systems.
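An encrypted stage defeats signature matching on the payload itself, but the stager that decrypts it has to be in the clear, which is what an extension vetting step can look for. The script below is an added example written for this page, not GlassWorm's code and not from any cited source: it walks an extensions directory such as ~/.vscode/extensions, reads each extension's package.json and JavaScript, and flags the traits this advisory describes (an AES-256-CBC decrypt routine whose output is executed, a large embedded base64 blob, osascript use, LaunchAgents paths, and activation on every editor start). The indicator patterns, the sample extension names and the random "encrypted" blob are illustrative assumptions, not published indicators of compromise.

```python
"""Heuristic vetting of installed VS Code / Open VSX extensions (added example)."""
import base64
import json
import os
import re
import tempfile
from pathlib import Path

# Traits to look for. Assumption: a Node-based stager decrypts with
# crypto.createDecipheriv('aes-256-cbc', ...) and hands the plaintext to
# eval / new Function / vm; the regexes target that pattern, not one sample.
INDICATORS = {
    "aes_cbc_decipher": re.compile(r"createDecipheriv\(\s*['\"]aes-256-cbc['\"]"),
    "dynamic_exec": re.compile(r"\beval\s*\(|new\s+Function\s*\(|vm\.runInThisContext"),
    "base64_blob": re.compile(r"['\"][A-Za-z0-9+/]{512,}={0,2}['\"]"),
    "applescript": re.compile(r"\bosascript\b"),
    "launch_agent": re.compile(r"Library/LaunchAgents"),
}


def scan_extension(ext_dir: Path) -> dict:
    """Collect indicator hits for one unpacked extension directory."""
    hits = set()
    activates_on_startup = False
    manifest = ext_dir / "package.json"
    if manifest.is_file():
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8", errors="replace"))
        except json.JSONDecodeError:
            pkg = {}
        # activationEvents "*" loads the extension on every editor start, which is
        # what a stager wants; legitimate extensions rarely need it.
        activates_on_startup = "*" in pkg.get("activationEvents", [])
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="replace")
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits.add(name)
    # An AES-CBC decrypt feeding dynamic execution is the stager pattern itself;
    # short of that, require three independent traits before raising a flag.
    suspicious = {"aes_cbc_decipher", "dynamic_exec"} <= hits or len(hits) >= 3
    return {"name": ext_dir.name, "hits": sorted(hits),
            "activates_on_startup": activates_on_startup, "suspicious": suspicious}


def scan_extensions_root(root: Path) -> list:
    """Scan every extension directory under root (e.g. ~/.vscode/extensions)."""
    return [scan_extension(d) for d in sorted(root.iterdir()) if d.is_dir()]


def build_sample_root() -> Path:
    """Write two constructed extensions into a temp dir: a benign one and one with
    the stager traits. Names, KEY/IV/PLIST placeholders and the random blob are
    made up for this example; the JavaScript is only scanned, never executed."""
    root = Path(tempfile.mkdtemp(prefix="ext-vet-"))
    benign = root / "example.hello-world-1.0.0"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps(
        {"name": "hello-world", "activationEvents": ["onCommand:hello.say"]}))
    (benign / "extension.js").write_text(
        "const vscode = require('vscode');\n"
        "exports.activate = ctx => ctx.subscriptions.push(\n"
        "  vscode.commands.registerCommand('hello.say',\n"
        "    () => vscode.window.showInformationMessage('hi')));\n")
    bad = root / "example.code-helper-2.3.1"
    bad.mkdir()
    (bad / "package.json").write_text(json.dumps(
        {"name": "code-helper", "activationEvents": ["*"]}))
    blob = base64.b64encode(os.urandom(600)).decode()  # stands in for an encrypted stage
    (bad / "extension.js").write_text(
        "const crypto = require('crypto');\n"
        f"const blob = '{blob}';\n"
        "exports.activate = () => {\n"
        "  const d = crypto.createDecipheriv('aes-256-cbc', KEY, IV);\n"
        "  const src = Buffer.concat([d.update(Buffer.from(blob, 'base64')), d.final()]);\n"
        "  new Function(src.toString())();\n"
        "  require('child_process').execSync('osascript /tmp/helper.scpt');\n"
        "  require('fs').writeFileSync(process.env.HOME + '/Library/LaunchAgents/com.example.helper.plist', PLIST);\n"
        "};\n")
    return root


if __name__ == "__main__":
    for result in scan_extensions_root(build_sample_root()):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} {result['name']} hits={result['hits']} startup={result['activates_on_startup']}")
```

Run it against a real extensions directory with `scan_extensions_root(Path.home() / ".vscode/extensions")`. The decision rule is deliberately conservative: a single hit (a bundled library that happens to contain a long base64 string, say) does not flag an extension, while the decrypt-then-execute pair does on its own, because no legitimate extension has a reason to run code it cannot show you in plaintext.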
Related CVEs
CVE-2025-10155 (CVSS 8.8)
A vulnerability in the OpenVSX registry allows attackers to bypass file extension checks, enabling the upload of malicious extensions.
Affected Products: Eclipse Foundation OpenVSX < 1.0.0
Exploit Status: exploited in the wild
CVE-2025-10156 (CVSS 8.8)
A vulnerability in the OpenVSX registry allows attackers to exploit CRC errors, facilitating the upload of malicious extensions.
Affected Products: Eclipse Foundation OpenVSX < 1.0.0
Exploit Status: exploited in the wild
CVE-2025-10157 (CVSS 8.8)
A vulnerability in the OpenVSX registry allows attackers to circumvent unsafe globals checks, enabling the upload of malicious extensions.
Affected Products: Eclipse Foundation OpenVSX < 1.0.0
Exploit Status: exploited in the wild
MITRE ATT&CK® Techniques
T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools
T1204.002 User Execution: Malicious File
T1543.001 Create or Modify System Process: Launch Agent
T1552.001 Unsecured Credentials: Credentials in Files
T1555.001 Credentials from Password Stores: Keychain
T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1090.002 Proxy: External Proxy
T1059.002 Command and Scripting Interpreter: AppleScript
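The Launch Agent and AppleScript techniques above leave a durable artifact on disk: a plist under ~/Library/LaunchAgents. The script below is an added example for this page, not GlassWorm's code and not from any cited source. It parses every plist in a LaunchAgents directory with plistlib and scores the traits a developer-targeting implant tends to show: a user-level agent that runs an interpreter (osascript, node, sh, curl) instead of a signed app, points into a hidden directory (which covers ~/.vscode/extensions), combines RunAtLoad with KeepAlive, or borrows a com.apple label (Apple's own agents live under /System/Library/LaunchAgents, not in the user's folder). The sample plists, labels and paths are constructed for the example.

```python
"""Hunt for implant-style LaunchAgents (added example, constructed samples)."""
import plistlib
import tempfile
from pathlib import Path

# Assumption: implants launch through an interpreter because they ship scripts,
# not notarized binaries. Extend this set for your fleet.
INTERPRETERS = {"osascript", "node", "python", "python3", "sh", "bash", "zsh", "curl"}


def analyze_launch_agent(plist_path: Path) -> dict:
    """Return the reasons a single LaunchAgent plist looks suspicious."""
    reasons = []
    try:
        with plist_path.open("rb") as fh:
            data = plistlib.load(fh)
    except (plistlib.InvalidFileException, ValueError):
        # Cannot evaluate it; hand it to a human rather than silently skipping.
        return {"file": plist_path.name, "label": "", "reasons": ["unparseable plist"],
                "suspicious": True}

    label = str(data.get("Label", ""))
    args = list(data.get("ProgramArguments") or [])
    if not args and data.get("Program"):
        args = [data["Program"]]

    if label.startswith("com.apple."):
        reasons.append("user-level agent claims a com.apple label")
    if args:
        exe = Path(args[0]).name
        if exe in INTERPRETERS:
            reasons.append(f"runs interpreter {exe} instead of a signed app")
        if "-e" in args:
            reasons.append("inline script passed on the command line")
        for a in args:
            if any(p.startswith(".") and p not in (".", "..") for p in Path(a).parts):
                reasons.append(f"references hidden path {a}")
                break
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive (relaunches if killed)")

    # An interpreter-backed user agent is worth a look on its own; otherwise
    # require two independent traits.
    suspicious = len(reasons) >= 2 or any(r.startswith("runs interpreter") for r in reasons)
    return {"file": plist_path.name, "label": label, "reasons": reasons, "suspicious": suspicious}


def hunt_launch_agents(agents_dir: Path) -> list:
    """Analyze every .plist in a LaunchAgents directory."""
    return [analyze_launch_agent(p) for p in sorted(agents_dir.glob("*.plist"))]


def build_sample_agents() -> Path:
    """Write two constructed plists: a plausible vendor updater and an implant-style agent."""
    d = Path(tempfile.mkdtemp(prefix="launchagents-"))
    with (d / "com.example.updater.plist").open("wb") as fh:
        plistlib.dump({
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
            "RunAtLoad": True,
        }, fh)
    with (d / "com.apple.systemhelper.plist").open("wb") as fh:
        plistlib.dump({
            "Label": "com.apple.systemhelper",
            "ProgramArguments": ["/usr/bin/osascript",
                                 "/Users/dev/Library/Application Support/.helper/agent.scpt"],
            "RunAtLoad": True,
            "KeepAlive": True,
        }, fh)
    return d


if __name__ == "__main__":
    for r in hunt_launch_agents(build_sample_agents()):
        print(("SUSPICIOUS " if r["suspicious"] else "ok         ") + r["file"])
        for reason in r["reasons"]:
            print("   -", reason)
```

On a real machine call `hunt_launch_agents(Path.home() / "Library/LaunchAgents")`, and pair the on-disk view with `launchctl list` so an agent that was loaded and then had its plist deleted does not slip past.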
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change and Configuration Management
Control ID: 6.4.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Regulation (EU) 2022/2554) – ICT Risk Management Framework
Control ID: Article 9
CISA Zero Trust Maturity Model (ZTMM) 2.0 – Enforce Trusted Software and Supply Chain Controls
Control ID: Device Pillar: Device Security Enforcement
NIS2 Directive (Directive (EU) 2022/2555) – Basic Cyber Hygiene including Supply Chain Security
Control ID: Article 21(2)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
GlassWorm supply chain attacks target macOS developers through malicious VSCode extensions, compromising development environments and requiring enhanced egress security controls.
Financial Services
Trojanized replacements for hardware wallet companion apps such as Ledger Live and Trezor Suite threaten financial institutions' cryptocurrency operations, demanding zero trust segmentation and threat detection capabilities.
Information Technology/IT
IT infrastructure faces lateral movement risks from compromised developer systems, necessitating east-west traffic security and multicloud visibility for effective threat response.
Computer/Network Security
Security teams must pair inline IPS with behavioral anomaly detection, since the AES-encrypted payload defeats static signature matching; what remains visible is the decrypt-and-execute stager, the persistence artifacts, and the outbound traffic to credential and wallet exfiltration endpoints.
Sources
- New GlassWorm malware wave targets Macs with trojanized crypto wallets (BleepingComputer): https://www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
- New GlassWorm Malware Wave Targets Macs Through Fake Crypto Wallet Tools (TechWorm): https://www.techworm.net/2026/01/new-glassworm-malware-targets-macs-fake-crypto-wallet-tools.html
- GlassWorm macOS malware targets crypto wallets again (Cyberwarzone): https://cyberwarzone.com/2026/01/05/glassworm-macos-malware-targets-crypto-wallets-again/
- GlassWorm Goes Mac: Fresh Infrastructure, New Tricks (Koi): https://www.koi.ai/blog/glassworm-goes-mac-fresh-infrastructure-new-tricks
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Implementing Zero Trust network segmentation, microsegmentation, centralized visibility, and strict egress controls would help detect and constrain GlassWorm's command-and-control traffic, credential exfiltration, and any attempt to reach other workloads from an infected developer machine. CNSF capabilities limit the blast radius by preventing unauthorized app-to-app or workload-to-internet communication, reducing attacker dwell time and impact. One caveat: because the C2 channel rides on a public blockchain (Solana), it looks like ordinary HTTPS to a widely used service, so egress policy has to be an explicit allow-list of destinations developer hosts actually need rather than a block-list of known-bad domains.
Control: Multicloud Visibility & Control
Mitigation: Surface suspicious extension behavior and unauthorized application install or replacement attempts.
Control: Zero Trust Segmentation
Mitigation: Block access from a compromised developer workload to sensitive data stores it has no business reaching.
Control: East-West Traffic Security
Mitigation: Prevent malicious east-west movement or app tampering within the environment.
Control: Egress Security & Policy Enforcement
Mitigation: Detect and block unauthorized outbound and C2 traffic, including public blockchain RPC endpoints the environment has no reason to contact.
Control: Encrypted Traffic (HPE) + Egress Security & Policy Enforcement
Mitigation: Disrupt encrypted exfiltration and alert on anomalous data movement.
Early detection and automated response limit the blast radius and impact.
Impact at a Glance
Affected Business Functions
- Software Development
- Cryptocurrency Transactions
Estimated downtime: 7 days
Estimated loss: $500,000
The GlassWorm malware campaign has exposed sensitive developer credentials, including GitHub and npm tokens, SSH keys, and cryptocurrency wallet data. Each stolen token is a ready-made path to unauthorized access to source code repositories, insertion of malicious code into software projects and downstream packages, and theft of cryptocurrency assets, so every secret reachable from an affected workstation should be treated as compromised and rotated.
Recommended Actions
Key Takeaways & Next Steps
- Enforce Zero Trust Segmentation to block unauthorized workload-to-workload traffic and restrict malware movement.
- Deploy centralized multicloud visibility and anomaly detection to surface suspicious extension activity and exfiltration attempts.
- Implement strict egress policies and FQDN filtering to disrupt malware command-and-control and exfiltration flows.
- Apply identity-based access controls and microsegmentation to enforce least privilege for access to sensitive credentials and wallets.
- Regularly monitor and alert on anomalous encrypted traffic and baseline deviations across hybrid developer environments.