
GlassWorm malware's fourth wave targets macOS developers via malicious VSCode extensions
The fourth wave of the GlassWorm malware campaign is targeting macOS users by distributing malicious extensions for Visual Studio Code (VSCode) and OpenVSX. These extensions are used to deliver trojanized versions of cryptocurrency wallet applications, with the ultimate goal of stealing cryptocurrency assets.

This attack vector is particularly concerning as it exploits the trust developers place in their tools and the software supply chain. The use of VSCode and OpenVSX extensions as the initial infection vector highlights the growing threat to developers and development environments. Attackers are increasingly targeting these tools due to the elevated privileges and access developers often have.

Organizations should educate their developers about the risks of installing extensions from untrusted sources and implement policies for vetting extensions. Additionally, using code signing and integrity checks can help detect trojanized applications.

While the article does not provide specific dates or quantitative impact, the technical details indicate a sophisticated and targeted approach to compromising macOS systems through development tools.
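
One way to enforce the extension-vetting policy recommended above, as an added example that is not from the original article: a Python audit that reads each installed extension's `package.json` manifest and compares it against an approved list. The allowlist format, the version pinning and every extension name here are assumptions constructed for illustration; on a real machine, pass the VS Code extensions folder (by default `~/.vscode/extensions`) as `ext_root`.

```python
import json
import tempfile
from pathlib import Path

def audit_extensions(ext_root, allowlist):
    """Return (folder, extension_id, version, reason) for each extension outside policy."""
    findings = []
    for ext_dir in sorted(Path(ext_root).iterdir()):
        if not ext_dir.is_dir():
            continue  # skip bookkeeping files that sit beside the extension folders
        try:
            meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
            ext_id = f"{meta['publisher']}.{meta['name']}".lower()  # ids compared case-insensitively
            version = str(meta["version"])
        except (OSError, ValueError, KeyError, TypeError):
            # A folder with no parseable manifest cannot be vetted, so report it.
            findings.append((ext_dir.name, None, None, "unreadable manifest"))
            continue
        approved = allowlist.get(ext_id)
        if approved is None:
            findings.append((ext_dir.name, ext_id, version, "not on allowlist"))
        elif version not in approved:
            findings.append((ext_dir.name, ext_id, version, "unapproved version"))
    return findings

def build_sample_tree(root):
    """Constructed sample data: fake extension folders, all names hypothetical."""
    samples = {
        "examplecorp.linter-1.2.0": {"publisher": "ExampleCorp", "name": "linter", "version": "1.2.0"},
        "examplecorp.formatter-3.0.1": {"publisher": "ExampleCorp", "name": "formatter", "version": "3.0.1"},
        "unknownpub.theme-pack-0.0.9": {"publisher": "unknownpub", "name": "theme-pack", "version": "0.0.9"},
    }
    for folder, manifest in samples.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    (Path(root) / "broken.ext-1.0.0").mkdir()  # folder with no package.json at all

# Hypothetical policy: approved extension id -> set of approved versions
ALLOWLIST = {"examplecorp.linter": {"1.2.0"}, "examplecorp.formatter": {"3.0.0"}}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_extensions(tmp, ALLOWLIST)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pinning approved versions means an update to an already-approved extension is reported until someone reviews it, rather than being trusted by name alone.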