Nasty GlassWorm Malware Pivots From Windows To Target Mac Users

Security firm Koi has been busy lately. Its researchers have not only uncovered a sprawling spyware campaign, but they're also keeping tabs on the ever-evolving malware dubbed GlassWorm. In its latest form, GlassWorm has shifted from exclusively targeting Windows users to targeting macOS users as well, and it has a dangerous new trick up its sleeve to boot.

GlassWorm spreads by inserting malicious code into legitimate VS Code extensions. The threat actor behind the malware uses special Unicode characters that generate no visual output, meaning that a developer would have a difficult time spotting anything suspicious harbored in their code base.

After making the switch to target macOS, the threat actors behind GlassWorm have shown an impressive skill set. This latest incarnation is handcrafted to take advantage of the macOS environment. It uses AppleScript to stealthily execute code, ensures persistence with the use of LaunchAgents, and opportunistically steals data ...