LM Studio Malware Scare Turns Out to Be a False Alarm — But the Panic Was Real
Windows Defender flagged LM Studio 0.4.7 as containing GlassWorm malware. It was a false positive, but the incident exposed deeper trust issues.
1,264 upvotes and 421 comments in hours. That's how fast panic spread on r/LocalLLaMA when a user posted a screenshot of Windows Defender quarantining a file from LM Studio's directory, flagged as "Trojan:JS/GlassWorm.ZZ!MTB" — a severe threat classification.
What Happened
On March 24, users updating to LM Studio 0.4.7 on Windows found that Defender was flagging and deleting files from the installation, rendering the app unusable. The detection name was particularly alarming: GlassWorm is a real, active supply chain malware campaign tracked by Socket Security since January, targeting VS Code extensions with sophisticated techniques including Solana blockchain dead drops and Russian locale geofencing.
LM Studio's team responded quickly. "We're investigating with priority," wrote Yags from the team on Reddit. "We currently believe this is a false positive." Within hours, Microsoft confirmed the detection was indeed a false positive and updated Defender's definitions. The Reddit post was amended with a prominent "NO VIRUS" notice.
Why It Happened
The technical explanation is straightforward. LM Studio uses code obfuscation in its Electron bundle to protect intellectual property. Obfuscated JavaScript patterns can look remarkably similar to actual malware loaders — packed code, encoded strings, unusual execution flows. Windows Defender's machine-learning classifier (indicated by the !MTB suffix) pattern-matched LM Studio's legitimate obfuscated code against GlassWorm's obfuscated payloads and flagged it.
This isn't the first time. LM Studio has triggered false positives at least seven times since October 2024, including hits from both Windows Defender and Kaspersky. A community member identified that the executable wasn't properly signed for a period, preventing it from building reputation with Windows SmartScreen.
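The point above about obfuscated JavaScript resembling malware loaders, as an added example that is not LM Studio's code or Microsoft Defender's model: the two constructed snippets below behave identically, yet only one trips a surface-feature heuristic. The feature set, the thresholds and all function names are assumptions made for this illustration.

```javascript
// Constructed samples with identical behaviour: both log "hello world".
const READABLE = String.raw`const greeting = "hello";
function show(name) {
  console.log(greeting + " " + name);
}
show("world");`;

const OBFUSCATED = String.raw`const _0x1a2b=["\x6c\x6f\x67","\x68\x65\x6c\x6c\x6f","\x77\x6f\x72\x6c\x64"];(function(_0x3c){console[_0x1a2b[0]](_0x1a2b[1]+"\x20"+_0x3c);})(_0x1a2b[2]);`;

// Surface features only. Illustrative assumptions, not Defender's real model.
function obfuscationFeatures(src) {
  const count = (re) => (src.match(re) || []).length;
  const lines = src.split("\n");
  return {
    hexIdentifiers: count(/_0x[0-9a-f]+/gi),                  // renamed variables
    escapedChars: count(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi),   // encoded strings
    longestLine: Math.max(...lines.map((l) => l.length)),     // packed code
    whitespaceRatio: count(/\s/g) / src.length,               // minification
  };
}

// Hypothetical thresholds chosen for this demo: two or more hits flags the file.
function looksObfuscated(src) {
  const f = obfuscationFeatures(src);
  let hits = 0;
  if (f.hexIdentifiers >= 3) hits++;
  if (f.escapedChars >= 5) hits++;
  if (f.longestLine > 120) hits++;
  if (f.whitespaceRatio < 0.05) hits++;
  return hits >= 2;
}

// Run a snippet against a stub console and return what it logged, to show
// that the features above carry no information about behaviour.
function behaviour(src) {
  const out = [];
  new Function("console", src)({ log: (...a) => out.push(a.join(" ")) });
  return out;
}

for (const [name, src] of [["readable", READABLE], ["obfuscated", OBFUSCATED]]) {
  console.log(name, obfuscationFeatures(src), looksObfuscated(src), behaviour(src));
}
```

A classifier limited to features like these cannot tell a protected commercial bundle from a packed loader, which is why code signing and publisher reputation matter when triaging such a detection.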
The Bigger Picture
The incident landed on the same day as a genuine supply chain compromise: LiteLLM versions 1.82.7 and 1.82.8 on PyPI were actually compromised via the CEO's hacked GitHub account. That coincidence amplified the anxiety.
For the local AI community that just celebrated Unsloth Studio's launch as an open-source alternative to LM Studio, the timing raised uncomfortable questions. LM Studio's proprietary license and code obfuscation — the very thing that caused this false positive — stand in contrast to Unsloth's Apache 2.0 approach. When your code is obfuscated, users and security tools alike have to take your word for it. Sometimes that trust gets tested.