A new wave of malicious extensions has been discovered in the Open VSX extension store, used by millions of developers. Koi experts warn that attackers are pushing “useful” plugins into the store , but are actually stealing cryptocurrency, passwords, and other sensitive data. The attack now only targets macOS users.
Specialists at Koi Security reported the discovery. They say it’s already the fourth wave of self-propagating malware, which they’re calling GlassWorm . The campaign began only about two and a half months ago, but it had already infected thousands of devices before the extensions were removed from the market.
The scheme works like this: an attacker publishes extensions on Open VSX disguised as productivity tools. Open VSX is an open extension repository for Visual Studio Code and its many derivatives, including Cursor , a popular choice among developers working with Vibe Coding. After installation, the “extension” doesn’t reveal itself immediately, but waits about 15 minutes. This pause helps circumvent automated sandboxes, which typically only analyze program behavior for a few minutes.
The main code is then executed. In the new version, it is hidden within the extension’s JavaScript file and further encrypted . This is different from previous GlassWorm variants, which, according to researchers, targeted Windows and used various camouflage techniques. Now, the authors have clearly adapted the tool for macOS, emphasizing its stealth and resilience.
Why Mac? Koi Security explains it simply . macOS is often used by developers in the cryptocurrency, web3, and startup sectors— in other words, environments where victims are more likely to have wallets, tokens, and access to infrastructure. Researchers estimate that at least three infected extensions appeared on Open VSX, with a combined total of approximately 50,000 downloads. One of these masqueraded as “Prettier Pro,” supposedly an advanced code formatter, while the other two appeared to be standard development tools.
GlassWorm itself, judging by its description, is designed to steal cryptocurrencies and credentials. It scans your computer for hardware wallet apps like Ledger Live and Trezor Suite and attempts to replace them with Trojanized versions. Even without a hardware wallet, the malware can attack dozens of browser extensions and desktop wallets, including Meta Mask, Phantom, Coinbase Wallet, and Exodus. It also harvests GitHub tokens, Git credentials, NPM tokens, and entire SSH directories, as well as passwords from the macOS Keychain, database files, VPN settings, cookies, and local browser storage.
Researchers also noted an unusual method of managing infections. To obtain C&C server addresses, attackers use the Solana blockchain , publishing notes with encrypted links in transactions. This approach is more difficult to defeat using traditional methods, such as blocking a domain or deactivating hosting, which, according to Koi Security, makes the threat more persistent.
The fourth wave reportedly used the same infrastructure as the previous one, including the IP address 45.32.151.157 as the primary command and control server. Researchers believe GlassWorm is gradually evolving into a resilient, cross-platform threat and are predicting the next wave, as attackers will rapidly adapt their techniques following public reports.
If you suspect that an extension in Open VSX may be malicious or vulnerable, the marketplace developers ask you to report it to [email protected]
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
