Mac Users Targeted by Malicious Extensions That Steal Crypto Wallets and Passwords

A common misconception among Mac users is that they are naturally protected from malware, especially when they download tools from official marketplaces. Unfortunately, that confidence is exactly what attackers rely on. Security researchers have uncovered a growing threat involving malicious Mac extensions that quietly steal cryptocurrency wallet data, passwords, and even macOS Keychain credentials. What makes this campaign especially dangerous is that these extensions were distributed through platforms people already trust.

How Malicious Extensions Ended Up in Trusted Marketplaces

Cybersecurity researchers at Koi Security recently identified a new wave of malware known as GlassWorm hiding inside extensions published for Visual Studio Code. These extensions were available through reputable platforms such as the Microsoft Visual Studio Marketplace and OpenVSX, both widely used by developers and power users.

On the surface, the extensions appeared harmless. They advertised useful features like code formatting tools, themes, and productivity enhancements. Once installed, however, they executed malicious code silently in the background. Earlier versions of this malware relied on hidden text to avoid detection. Newer versions use encrypted payloads and delayed execution to bypass automated security scans.

While this campaign is often described as developer-focused, the risk extends beyond programmers. Anyone using a Mac who installs extensions or stores passwords or cryptocurrency locally could be affected.

When Helpful Mac Extensions Turn Into Silent Data Thieves

Practical Steps to Reduce Your Risk

Malicious extensions succeed because they look normal. These steps can help reduce your exposure even when threats appear in official marketplaces.

1. Install only what you actively use
Every additional extension increases risk. Remove anything you no longer need, especially tools that promise premium features for free or imitate popular extensions with slightly altered names.

2. Research the publisher
Before installing any extension, check who created it. Reputable developers usually have a clear website, documentation, and update history. Vague descriptions or unknown publishers should be treated with caution.

3. Use a dedicated password manager
Password managers store credentials in encrypted vaults that are separate from browsers and extensions. They also help ensure every account uses a unique password, limiting damage if one account is compromised.

4. Use modern antivirus or endpoint protection
macOS malware today often avoids obvious files and signatures. Security tools that monitor behavior can detect suspicious background activity, encrypted payloads, and persistence techniques used by malicious extensions.

5. Enable two-factor authentication wherever possible
Two-factor authentication adds a critical extra layer of protection. Even if a password is stolen, attackers are far less likely to gain access without the second verification step.

6. Keep macOS and apps fully updated
Security updates close vulnerabilities that malware relies on. Enable automatic updates to ensure you are protected even if you miss security news.

7. Periodically audit your installed extensions
Review your extensions regularly and remove anything you do not recognize or no longer use. A smaller attack surface always means less risk.
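
As an added example (not from the original article or from Koi Security), the Python script below applies steps 1, 2, and 7 to Visual Studio Code: it reads the publisher and name from each installed extension's package.json and reports anything that is not on a reviewed list, calling out near-matches to reviewed names. The ~/.vscode/extensions folder is assumed to be the install location, and the allow-list contents and the 0.85 similarity threshold are hypothetical values to adjust.

```python
"""Audit installed VS Code extensions against an allow-list (added example)."""
import json
from difflib import SequenceMatcher
from pathlib import Path

# Assumption: default per-user install location for VS Code on macOS.
DEFAULT_DIR = Path.home() / ".vscode" / "extensions"
# Hypothetical allow-list: extension IDs you have reviewed and actively use.
ALLOWED = {"ms-python.python", "esbenp.prettier-vscode"}


def installed_ids(ext_dir):
    """Yield (extension_id, version) from each extension's package.json."""
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            ext_id = f"{meta['publisher']}.{meta['name']}".lower()
        except (OSError, ValueError, KeyError, TypeError):
            # Unreadable or incomplete manifest: report the folder for manual review.
            yield manifest.parent.name.lower(), "unknown"
            continue
        yield ext_id, str(meta.get("version", "unknown"))


def audit(ext_dir=DEFAULT_DIR, allowed=ALLOWED, threshold=0.85):
    """Return (id, version, reason) for every extension not on the allow-list."""
    findings = []
    for ext_id, version in installed_ids(ext_dir):
        if ext_id in allowed:
            continue
        # A near-match to a reviewed ID suggests an imitation with an altered name.
        close = [a for a in sorted(allowed)
                 if SequenceMatcher(None, ext_id, a).ratio() >= threshold]
        reason = f"lookalike of {close[0]}" if close else "not on allow-list"
        findings.append((ext_id, version, reason))
    return findings


if __name__ == "__main__":
    for ext_id, version, reason in audit():
        print(f"{ext_id} {version}: {reason}")
```

Anything the script reports is a prompt to look up the publisher or uninstall the extension, not a verdict that it is malicious.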

Conclusion

This threat is a reminder that security is no longer just about avoiding shady downloads or obvious scams. Even trusted platforms can be abused, and attackers know people rarely question tools that look helpful and professional. Malicious extensions like GlassWorm succeed because they blend into everyday workflows and stay quiet for as long as possible.

The goal is not to create fear but awareness. Installing fewer extensions, paying attention to who publishes them, and keeping systems protected and updated significantly reduces risk. Small habits add up, especially when sensitive data like passwords and cryptocurrency are involved.

Mac users are not powerless here. With a cautious approach and the right safeguards in place, it is still possible to use modern tools safely without sacrificing convenience.