GlassWorm Malware Campaign Targets macOS Developers with Malicious Visual Studio Code Extensions


Severity: HIGH
January 16, 2026
Categories: Malware, Supply Chain Attack, Mobile Security

Related Entities

Products & Tech: macOS, Visual Studio Code, OpenVSX, AppleScript, LaunchAgents

Other: GlassWorm, GitHub, npm

Full Report

Executive Summary

A new variant of the GlassWorm malware is actively targeting developers using macOS. The campaign, highlighted by Acronis, delivers its payload through malicious extensions published to the Visual Studio Code Marketplace and the OpenVSX registry. This marks a strategic shift for the threat actor, who previously focused on Windows. The malware is a self-propagating worm designed for stealth and data theft. It uses encrypted payloads, delayed execution to bypass sandboxes, and LaunchAgents for persistence. Its primary objective is to steal sensitive developer credentials, including GitHub and npm tokens, browser data, and cryptocurrency wallet information, posing a direct threat to both individual developers and the broader software supply chain.


Threat Overview

GlassWorm is a multi-stage, data-stealing worm that has been active since at least October 2025. This fourth observed wave of activity demonstrates a clear pivot towards the Apple ecosystem and the developer community. By hiding within seemingly legitimate VS Code extensions, the malware abuses the trust developers place in the tools and marketplaces they use daily.

The attack vector is social engineering, tricking developers into installing a malicious extension from the VS Code Marketplace or OpenVSX registry. Once installed, the malware's lifecycle begins:

  1. Evasion: The malicious JavaScript payload is AES-256-CBC encrypted and remains dormant for 15 minutes to evade automated analysis in sandbox environments.
  2. Execution: After the delay, the malware uses AppleScript to execute its core logic.
  3. Persistence: It establishes persistence on the infected Mac by creating a LaunchAgent, ensuring it runs automatically every time the user logs in.
  4. Theft: The worm's primary function is to steal a wide array of sensitive data.

Technical Analysis

The malware's TTPs are tailored for the macOS environment and developer targets.

  1. Initial Access (T1195.001): The attack begins with the developer installing a compromised or malicious VS Code extension, a form of Compromise Software Dependencies and Development Tools.

  2. Defense Evasion (T1497.003 - Time Based Evasion): The 15-minute sleep delay is a classic sandbox evasion technique. The payload is also encrypted to hinder static analysis (T1027 - Obfuscated Files or Information).

  3. Execution (T1059.002 - AppleScript): The use of AppleScript for execution is a common technique for malware on macOS, as it is a built-in scripting language that can interact with the OS and other applications.

  4. Persistence (T1543.001 - Launch Agent): By creating a .plist file in the ~/Library/LaunchAgents directory, GlassWorm ensures it is automatically re-launched by the OS upon user login, a standard macOS persistence mechanism.

  5. Credential Access (T1555.003 - Credentials from Web Browsers): The malware is specifically coded to find and exfiltrate credentials from browser databases, GitHub/npm configuration files, and over 50 types of cryptocurrency wallets.

MITRE ATT&CK Mapping

Tactic            | Technique ID | Technique Name
Initial Access    | T1195.001    | Compromise Software Dependencies and Development Tools
Execution         | T1059.002    | AppleScript
Persistence       | T1543.001    | Launch Agent
Defense Evasion   | T1497.003    | Time Based Evasion
Credential Access | T1555.003    | Credentials from Web Browsers
Collection        | T1560        | Archive Collected Data

Impact Assessment

The impact of a successful GlassWorm infection is significant, particularly for the software supply chain:

  • Developer Credential Theft: The theft of GitHub and npm credentials can allow attackers to push malicious code to legitimate software repositories, initiating a widespread supply chain attack.
  • Financial Theft: By stealing cryptocurrency wallet data, attackers can directly drain funds from infected developers.
  • Corporate Espionage: Stolen browser data and credentials can provide attackers with access to sensitive corporate systems, email, and internal documentation.
  • Further Compromise: The stolen credentials can be used to pivot and launch further attacks against the developer's employer or collaborators.

Cyber Observables for Detection

Hunting for GlassWorm involves looking for signs of its presence on macOS endpoints:

Type                 | Value                        | Description
file_path            | ~/Library/LaunchAgents/      | Look for recently created or suspicious .plist files in this directory.
process_name         | osascript                    | Monitor for osascript (the AppleScript execution engine) being launched by unusual parent processes, like VS Code.
command_line_pattern | *                            | Analyze shell history for unusual commands executed by VS Code's integrated terminal.
file_path            | ~/.npmrc, ~/.git-credentials | Monitor for anomalous access to these credential files by unexpected processes.
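As an added example (not code from the report or from Acronis), a small Python triage script for the first observable, ~/Library/LaunchAgents: it parses each plist and scores the traits the report associates with GlassWorm persistence (osascript as the program, a script under the user's extension directory, RunAtLoad). The two sample plists are constructed, and the interpreter and path lists are heuristics chosen here, not indicators from the page.

```python
import os
import plistlib
import time
# Constructed sample plists (not real GlassWorm artefacts): one showing the traits
# the report describes, one resembling a legitimate vendor agent.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updatehelper</string>
  <key>ProgramArguments</key><array><string>/usr/bin/osascript</string>
    <string>/Users/dev/.vscode/extensions/example.theme-1.0.0/out/run.scpt</string></array>
  <key>RunAtLoad</key><true/><key>KeepAlive</key><true/>
</dict></plist>"""
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.docker.vmnetd</string>
  <key>ProgramArguments</key><array><string>/Applications/Docker.app/Contents/MacOS/vmnetd</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""
# Heuristics, not signatures: tune both lists to the fleet being hunted.
INTERPRETERS = {"osascript", "sh", "bash", "zsh", "python3", "node", "curl"}
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/folders/")

def triage(plist_bytes):
    """Return (score, reasons) for one LaunchAgent plist; higher is more suspicious."""
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments") or [data.get("Program", "")]
    reasons = []
    if os.path.basename(args[0]) in INTERPRETERS:
        reasons.append(f"runs a script interpreter ({os.path.basename(args[0])})")
    if any(h in a for a in args for h in USER_WRITABLE):
        reasons.append("references a user-writable path (extension dir, tmp, home)")
    if data.get("Label", "").startswith("com.apple."):
        reasons.append("Apple label in a user LaunchAgents dir (Apple's own live under /System)")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive: relaunches when killed")
    return len(reasons), reasons

def scan(directory=os.path.expanduser("~/Library/LaunchAgents"), max_age_days=30):
    """Triage every .plist in a directory; mtime is used as a proxy for 'recently created'."""
    findings = []
    names = sorted(os.listdir(directory)) if os.path.isdir(directory) else []
    for name in names:
        path = os.path.join(directory, name)
        if not name.endswith(".plist"):
            continue
        with open(path, "rb") as fh:
            score, reasons = triage(fh.read())
        age_days = (time.time() - os.path.getmtime(path)) / 86400
        if age_days <= max_age_days:
            reasons = reasons + [f"modified {age_days:.1f} days ago"]
        findings.append((path, score, reasons))
    return findings
```

Run `scan()` on an endpoint to list every agent with its score and reasons; a high score on a recently modified file is what the observable above asks an analyst to look for.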

Detection & Response

  • Endpoint Detection and Response (EDR): A macOS-aware EDR is essential for detection. It can monitor for the creation of new LaunchAgents, suspicious process chains (e.g., Code -> osascript), and unauthorized access to sensitive files like the SSH key folder or browser credential stores. This leverages Process Analysis (D3-PA).
  • Extension Vetting: Before installing any VS Code extension, developers should vet it by checking the publisher's reputation, the number of installs, and user reviews. Avoid extensions from unknown or new publishers.
  • Log Analysis: Centralize and analyze logs from developer endpoints. Look for outbound network connections from unexpected processes to identify potential C2 communication or data exfiltration.

Mitigation

Securing developer endpoints is key to mitigating this threat.

  1. Limit Software Installation (M1033): In corporate environments, consider creating an allowlist of approved VS Code extensions. This prevents developers from installing potentially malicious extensions from the public marketplace. This is a form of Executable Allowlisting (D3-EAL) applied to extensions.

  2. Privileged Account Management (M1026): Developers should not run as local administrators on their machines. This can limit the malware's ability to establish persistence or access system-level files.

  3. Credential Protection: Encourage the use of hardware tokens (e.g., YubiKey) for Git commit signing and for accessing sensitive services. Avoid storing plaintext credentials or tokens in configuration files whenever possible. Use the macOS Keychain or other secure vaults to store secrets.

  4. Antivirus/Antimalware (M1049): Use a reputable next-generation antivirus (NGAV) solution for macOS that can detect and block known malware like GlassWorm and identify suspicious behaviors.

Timeline of Events

  1. October 1, 2025: First wave of GlassWorm activity observed, initially targeting Windows.
  2. January 5, 2026: Reports emerge of the fourth wave of GlassWorm, now focused on macOS developers via VS Code extensions.
  3. January 16, 2026: This article was published.

MITRE ATT&CK Mitigations

  • Limit Software Installation (M1033): Restricting which VS Code extensions can be installed can prevent the initial infection. Mapped D3FEND technique: Executable Allowlisting (D3-EAL).
  • Antivirus/Antimalware (M1049): Using a macOS-specific EDR/NGAV can detect the malicious behaviors of GlassWorm, such as creating LaunchAgents. Mapped D3FEND technique: Process Analysis (D3-PA).
  • Privileged Account Management (M1026): Running as a standard user can limit the malware's ability to establish persistence and access system-wide files.

D3FEND Defensive Countermeasures

To combat the supply chain threat posed by malicious VS Code extensions like those used by GlassWorm, organizations should implement a form of Executable Allowlisting specifically for editor extensions. Instead of allowing developers to install any extension from the public marketplace, the security team should curate a list of vetted, approved extensions. This can be enforced through policy settings within VS Code. Any attempt to install an extension not on this list would be blocked. This shifts from a reactive 'detect bad' model to a proactive 'only allow good' model, drastically reducing the attack surface presented by the developer's IDE.

Detecting GlassWorm post-infection requires robust Process Analysis on the macOS endpoint, typically via an EDR. Security teams should create detection rules for anomalous process chains originating from VS Code. For example, a rule should alert if the VS Code process (Code) spawns an osascript process, as this is a key part of GlassWorm's execution chain and is not normal behavior for the editor. Further rules can detect osascript or other processes attempting to write a .plist file to the ~/Library/LaunchAgents directory. This behavioral approach is more resilient than signature-based detection and can catch the malware's core TTPs.
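The process-chain and file-access rules from the Detection & Response section and this Process Analysis paragraph, as an added example that is not the report's or any EDR vendor's code: Python rules run over a constructed sample of EDR-style events, covering the editor -> osascript spawn, the .plist write to ~/Library/LaunchAgents, and reads of ~/.npmrc and ~/.git-credentials, then correlated per pid. The event field names, the allowlists and the VS Code helper-process names are assumptions.

```python
import os
# Constructed sample of EDR-style events (field names assumed, not a vendor
# schema). pid 4242 plays the osascript process described in the report.
SAMPLE_EVENTS = [
    {"type": "process", "parent": "Code Helper (Plugin)", "name": "osascript", "pid": 4242},
    {"type": "process", "parent": "Terminal", "name": "osascript", "pid": 4301},
    {"type": "file_write", "process": "osascript", "pid": 4242,
     "path": "/Users/dev/Library/LaunchAgents/com.update.helper.plist"},
    {"type": "file_write", "process": "Docker", "pid": 900,
     "path": "/Users/dev/Library/LaunchAgents/com.docker.vmnetd.plist"},
    {"type": "file_read", "process": "osascript", "pid": 4242, "path": "/Users/dev/.npmrc"},
    {"type": "file_read", "process": "npm", "pid": 5000, "path": "/Users/dev/.npmrc"},
]
# Allowlists are environment-specific starting points, not exhaustive.
PLIST_WRITERS_OK = {"Docker", "launchctl", "Installer", "Finder"}
CRED_FILES = {".npmrc", ".git-credentials"}
CRED_READERS_OK = {"npm", "git", "node", "gh"}

def is_editor(proc):
    """VS Code's main process is 'Code'; extensions run in the 'Code Helper (Plugin)' host."""
    return proc == "Code" or proc.startswith("Code Helper")

def evaluate(event):
    """Return an alert name for one suspicious event, or None."""
    kind = event["type"]
    if kind == "process":
        if event["name"] == "osascript" and is_editor(event["parent"]):
            return "editor_spawned_osascript"
    elif kind == "file_write":
        p = event["path"]
        if "/Library/LaunchAgents/" in p and p.endswith(".plist") \
                and event["process"] not in PLIST_WRITERS_OK:
            return "launchagent_plist_written"
    elif kind == "file_read":
        if os.path.basename(event["path"]) in CRED_FILES \
                and event["process"] not in CRED_READERS_OK:
            return "credential_file_read"
    return None

def run_rules(events):
    """Alerts as (name, pid) pairs, in event order."""
    return [(a, e["pid"]) for e in events if (a := evaluate(e))]

def chained_pids(events, min_alerts=2):
    """pids that tripped at least min_alerts distinct rules: spawn + persistence + credential read is the chain."""
    by_pid = {}
    for alert, pid in run_rules(events):
        by_pid.setdefault(pid, set()).add(alert)
    return sorted(p for p, a in by_pid.items() if len(a) >= min_alerts)
```

The single-event rules are noisy on their own (an engineer can legitimately run osascript from Terminal); `chained_pids` is what turns them into a high-confidence alert for this campaign.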

Sources & References

  • "MSP cybersecurity news digest, January 5, 2026", Acronis (acronis.com), January 15, 2026
  • "Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users", Cybersecurity News (cybersecuritynews.com), December 31, 2025
  • "GlassWorm Malware Abuses Open Source VS Code Extensions To Target Macs", Technology and Law (technologylaws.io), January 5, 2026

Article Author

Jason Gomes
Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.


Tags

GlassWorm, Malware, macOS, Visual Studio Code, Supply Chain Attack, Developer
