Bitcoin Forum
January 10, 2026, 01:55:53 AM *
News: Due to a wallet-migration bug, you should not upgrade Bitcoin Core. But if you already did, there's no need to downgrade.
Topic: [Warning] GlassWorm is hunting for crypto on Mac machines.  (Read 113 times)
satscraper (OP)
Legendary
Activity: 1344
Merit: 2456
January 05, 2026, 11:20:03 AM
Last edit: January 05, 2026, 12:58:37 PM by satscraper
Merited by vapourminer (4), LFC_Bitcoin (4), JayJuanGee (2), philipma1957 (1), Lucius (1), ABCbits (1)
#1

GlassWorm is the first self‑propagating worm that initially targeted only Windows machines around two months ago.

Now it has shifted to macOS. Moreover, the threat actor isn’t wasting time on trifles: they are attacking developers directly by injecting a malicious payload into a Visual Studio tool used to build wallet applications.

Notably, this payload is difficult to detect because the attacker concealed it using a technique different from those seen previously: the "payload is wrapped in AES‑256‑CBC encryption and embedded in compiled JavaScript".


Stay vigilant.
Lucius
Legendary
Activity: 3850
Merit: 7062
🛡️Morior Invictus⚔️
January 05, 2026, 02:45:11 PM
Merited by vapourminer (1), JayJuanGee (1), ABCbits (1), satscraper (1)
#2

Hackers are becoming more and more resourceful. If I understand correctly, in this case the malware is spreading using the Solana blockchain, it is practically impossible to disable in any way, and it is adapting all the time. What is particularly worrying is that even users of hardware wallets can be at risk, given that the malware can, practically imperceptibly, install a malicious version of Ledger Live or Trezor Suite and do the following:

Quote
....If either is found, the malware downloads a trojanized replacement, removes the legitimate app, and installs the malicious version in its place.

This is a significant escalation in capability. Hardware wallets are supposed to be the most secure way to store cryptocurrency. Users trust them precisely because the signing happens on a separate device. But if your Ledger Live or Trezor Suite application is compromised, the attacker can:

Display fake receiving addresses
Modify transaction details before signing
Capture your seed phrase during "recovery" flows
Intercept communication between the app and device


Your hardware wallet is only as secure as the software you use to interact with it.

Given that Ledger has a Recovery option, the last thing the malware can do (intercept communication between the app and the device) is particularly worrying, because theoretically a hacker can intercept the user's seed that is sent to remote servers. Let's assume that this information is encrypted, but this type of attack is still one more risk for those who are already taking risks with these devices.
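The point made above is that the desktop app is the weak link: if Ledger Live or Trezor Suite has been replaced, nothing on the hardware wallet itself tells you. An added example (not from any post in this thread, and not Ledger's or Trezor's own tooling): a POSIX shell function that re-verifies a macOS app bundle's code signature with `codesign`, pins the Apple Team ID it was signed with, and runs the Gatekeeper assessment, so an unsigned or re-signed replacement is flagged before you open it. The pinned Team ID and the app path are assumptions you fill in once from a known-good install.

```shell
#!/bin/sh
# Added example: detect a swapped-out wallet app on macOS by re-verifying its signature.
# The pinned Team ID is an assumption; read it once from a known-good install with
#   codesign -dv --verbose=2 "/Applications/Ledger Live.app" 2>&1 | grep TeamIdentifier
# and pass that value as the second argument below.

verify_app_bundle() {
  # $1 = path to the .app bundle, $2 = pinned Apple Team ID.
  # Returns 0 = verified, 1 = missing, modified, unsigned or signed by another team,
  #         3 = codesign not available on this host (not macOS), i.e. could not verify.
  app="$1"; want="$2"
  [ -d "$app" ] || { echo "MISSING: $app"; return 1; }
  command -v codesign >/dev/null 2>&1 || { echo "UNVERIFIED: no codesign on this host"; return 3; }

  # --strict rejects bundles whose resources changed after signing;
  # --deep also checks nested helpers and frameworks inside the bundle.
  if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
    echo "FAIL: signature invalid or bundle modified: $app"; return 1
  fi

  # Pin the signer: a trojanized replacement is unsigned or signed by a different team.
  got=$(codesign -dv --verbose=2 "$app" 2>&1 | sed -n 's/^TeamIdentifier=//p')
  if [ -z "$got" ] || [ "$got" != "$want" ]; then
    echo "FAIL: Team ID '${got:-none}' does not match pinned '$want': $app"; return 1
  fi

  # Gatekeeper assessment: notarized and not revoked.
  if ! spctl --assess --type execute "$app" 2>/dev/null; then
    echo "FAIL: Gatekeeper rejects $app"; return 1
  fi
  echo "OK: $app is intact and signed by team $want"
  return 0
}

# Typical use (path and Team ID are placeholders): only launch the app if it verifies.
#   verify_app_bundle "/Applications/Ledger Live.app" "XXXXXXXXXX" && open -a "Ledger Live"
```

Run it from a launchd job or before each session. Note what it does not cover: it checks the bundle on disk, not the process in memory, and malware running as your user can still serve a fake UI from elsewhere; the check is a cheap way to catch the specific "remove the legitimate app, install a trojanized one" behaviour described in the quote, not a substitute for confirming addresses and amounts on the device screen.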
Yamane_Keto
Hero Member
Activity: 756
Merit: 539
♻️ Automatic Exchange
January 05, 2026, 03:14:19 PM
Merited by vapourminer (1), JayJuanGee (1)
#3

Regularly reviewing necessary extensions, along with disabling automatic updates, has become essential. It's best to avoid any new updates for at least two weeks to a month. These software programs evolve faster than detection capabilities.
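"Regularly reviewing extensions" is only useful if you can tell what changed. An added example (not from any post in this thread, and not Microsoft's or any vendor's tooling): a POSIX shell script that snapshots the VS Code extensions directory into a baseline and later diffs against it, hashing every file inside each extension so a patched compiled `.js` is flagged even when the version in the folder name is unchanged, which is exactly the case an attacker who tampers with an already-installed extension would hit. The `~/.vscode/extensions` path and the `<publisher>.<name>-<version>/package.json` layout are assumptions about a standard install.

```shell
#!/bin/sh
# Added example: baseline-and-diff check for a VS Code extensions directory.
# Assumed layout (VS Code default): $EXT_DIR/<publisher>.<name>-<version>/package.json

_sha256() {
  # sha256sum on Linux, shasum on macOS; both read stdin and print "<hex> -"
  if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi
}

ext_inventory() {
  # $1 = extensions directory. Prints "<extension dir>\t<digest>" per extension, sorted.
  # The digest covers every file's relative path and content, so a modified
  # compiled .js changes it even when the version in the directory name does not.
  for ext in "$1"/*/; do
    [ -f "$ext/package.json" ] || continue
    name=$(basename "$ext")
    digest=$(cd "$ext" && find . -type f | LC_ALL=C sort | while read -r f; do
      printf '%s\n' "$f"; cat "$f"; done | _sha256 | cut -d' ' -f1)
    printf '%s\t%s\n' "$name" "$digest"
  done | LC_ALL=C sort
}

ext_check() {
  # $1 = extensions directory, $2 = baseline file written earlier by ext_inventory.
  # Returns 0 when the inventory matches the baseline, 1 when anything was
  # added, removed or modified (a modified extension appears on both lists).
  tmp=$(mktemp)
  ext_inventory "$1" > "$tmp"
  gone=$(LC_ALL=C comm -23 "$2" "$tmp")   # lines only in the baseline
  new=$(LC_ALL=C comm -13 "$2" "$tmp")    # lines only in the current inventory
  rm -f "$tmp"
  if [ -z "$gone" ] && [ -z "$new" ]; then
    echo "OK: extensions match baseline"
    return 0
  fi
  [ -n "$gone" ] && printf 'REMOVED or MODIFIED (baseline digest):\n%s\n' "$gone"
  [ -n "$new" ]  && printf 'ADDED or MODIFIED (current digest):\n%s\n' "$new"
  return 1
}

# Typical use (paths are assumptions):
#   ext_inventory "$HOME/.vscode/extensions" > "$HOME/.vscode-ext-baseline"   # once, after reviewing the install
#   ext_check "$HOME/.vscode/extensions" "$HOME/.vscode-ext-baseline"         # before each work session
```

Pair it with the editor settings that stop silent updates (`"extensions.autoUpdate": false` and `"extensions.autoCheckUpdates": false` in VS Code's settings.json); then every line the check reports is a change you made deliberately, and anything else deserves a look at the extension's compiled output before it runs again.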
LFC_Bitcoin
Diamond Hands
Legendary
Activity: 4144
Merit: 12351
January 05, 2026, 03:38:44 PM
#4

How is this infecting computers?

Where would somebody fall foul to downloading the virus?
ABCbits
Legendary
Activity: 3486
Merit: 9558
January 06, 2026, 08:17:49 AM
#5

Quote from: satscraper
Moreover, the threat actor isn’t wasting time on trifles, they are attacking developers directly by injecting a malicious payload into Visual Studio tool used to build wallet applications.

Honestly, I would expect developers/programmers to have better security practices, such as not storing a cryptocurrency wallet on the device they use for work.

Quote from: Lucius
What is particularly worrying is the fact that even users of hardware wallets can be at risk, given that malware can practically imperceptibly install a malicious version of Ledger Live or Trezor Suite and do the following

Good point, there isn't much malware that replaces the real app with a fake one. This is why people should double-check TX details on their hardware wallet, although I know not all details can be shown and it can be difficult due to the small screen size.
Gachapin
Legendary
Activity: 1456
Merit: 2789
bitcoin retard
January 06, 2026, 12:29:05 PM
#6

Quote from: Lucius
Hackers are becoming more and more resourceful. If I understand correctly, in this case the malware is spreading using the Solana blockchain, it is practically impossible to disable in any way, and it is adapting all the time. What is particularly worrying is that even users of hardware wallets can be at risk, given that the malware can, practically imperceptibly, install a malicious version of Ledger Live or Trezor Suite and do the following:

Quote
....If either is found, the malware downloads a trojanized replacement, removes the legitimate app, and installs the malicious version in its place.

This is a significant escalation in capability. Hardware wallets are supposed to be the most secure way to store cryptocurrency. Users trust them precisely because the signing happens on a separate device. But if your Ledger Live or Trezor Suite application is compromised, the attacker can:

Display fake receiving addresses
Modify transaction details before signing
Capture your seed phrase during "recovery" flows
Intercept communication between the app and device

Your hardware wallet is only as secure as the software you use to interact with it.

Given that Ledger has a Recovery option, the last thing the malware can do (intercept communication between the app and the device) is particularly worrying, because theoretically a hacker can intercept the user's seed that is sent to remote servers. Let's assume that this information is encrypted, but this type of attack is still one more risk for those who are already taking risks with these devices.

Sorry for being blunt, but if someone still uses Ledger after all the shit they've done over the years, it's their fault at this point.

Regarding other HWs like Trezor:
as long as you only input and verify data through the hardware wallet itself, even with fake wallet software on your computer, you should be fine.

And AFAIK the software updates for the hardware wallets are checked with a special key that only the manufacturer has.

Lucius
Legendary
Activity: 3850
Merit: 7062
🛡️Morior Invictus⚔️
January 06, 2026, 02:27:09 PM
Merited by LFC_Bitcoin (3), JayJuanGee (1)
#7

Quote from: LFC_Bitcoin
How is this infecting computers?
Where would somebody fall foul to downloading the virus?


As far as I understand, the main targets of this malware are developers who work on extensions, which are then infected and become available to ordinary users who download them. This way you don't have to attack thousands of users to succeed; it's enough to infect the source.

What is specific is that this worm uses the Solana blockchain and, as far as I understand, it is practically indestructible, considering that with each detection it simply creates a new "transaction" which it then uses as a new starting point for the attack. The fact that it can completely seamlessly uninstall a legitimate app and install a fake one is particularly worrying, in combination with the fact that extensions are something people use massively today.



Quote from: Gachapin
Sorry for being blunt, but if someone still uses Ledger after all the shit they've done over the years, it's their fault at this point.
~snip~

I can't say that I don't agree, but you know there are still people who believe that their older models are not endangered by the possibility of seed extraction (because that's what Ledger says). For me, it was simply a risk that I had to get rid of, and I switched to an air-gapped wallet as something that is by far the safest.



Quote from: ABCbits
~snip~
Good point, there aren't many malware that replace real with fake app. This is why people should double check TX detail on their hardware wallet, although i know not all detail can't be shown and it can be difficult due to small screen size.

I know that I always check everything several times before broadcasting a transaction, and if it's an extremely valuable transaction, that means I'll check every character in every address no matter how long it takes. Considering this type of malware (which is constantly developing and adapting), we can do nothing but raise the level of caution to a whole new level.