VSCode supply chain attack

Malicious VSCode and OpenVSX extensions delivering payloads, stealing tokens, and persisting via LaunchAgents.

GlassWorm macOS malware targets crypto wallets again

Jan 5, 2026

—

by

Lara De Jong

in Cybercrime & Underground Economy

GlassWorm macOS malware returns via rogue VSCode/OpenVSX extensions that plant AppleScript payloads, steal developer tokens, and try to swap Ledger and Trezor apps.