Critical GlassWorm Malware Spreads Via Trojanized VS Code Extensions
Key Takeaways
- A malicious extension on the OpenVSX marketplace, disguised as a WakaTime productivity tool, is distributing the GlassWorm malware.
- The malware employs Zig-compiled native binaries to infect multiple developer environments simultaneously, including VS Code, Cursor, and Windsurf.
- GlassWorm establishes a persistent Remote Access Trojan (RAT), exfiltrates data, and installs a malicious Chrome extension, while avoiding Russian systems.
- Developers should immediately check for and remove the compromised extensions and treat infected machines as fully compromised, rotating all credentials.
A sophisticated supply chain attack is leveraging a trojanized developer extension, hosted on the OpenVSX marketplace, to silently deploy the persistent GlassWorm malware across various code editors on a developer’s system. This malicious package, masquerading as a legitimate productivity tool, utilizes compiled native binaries to infect VS Code, Cursor, Windsurf, and other compatible environments in a single, multi-faceted operation.
GlassWorm is not a novel threat; it first emerged in March 2025, initially observed embedding malicious payloads within invisible Unicode characters in npm packages. Over the past year, the campaign has expanded its reach, impacting hundreds of projects across GitHub, npm, and VS Code. Prior to this latest method, its most notable tactic involved deploying a persistent Remote Access Trojan (RAT) via a fraudulent Chrome extension designed to log keystrokes and pilfer session cookies from unsuspecting victims.
Security analysts at Aikido, who have been tracking the GlassWorm campaign for over a year, identified this new infection vector in April 2026. The attack was discovered embedded within an OpenVSX extension named code-wakatime-activity-tracker, published under the specstudio account. Superficially, this malicious extension closely mimics the authentic WakaTime productivity tool, presenting identical command options, API key prompts, and familiar status bar icons to deceive developers.
Technical Modus Operandi
What distinguishes this particular attack from earlier GlassWorm iterations is its innovative use of Zig-compiled native binaries. For Windows systems, the extension includes a file named win.node, identified as a PE32+ DLL. macOS users are targeted with mac.node, a universal Mach-O binary compatible with both Intel and Apple Silicon architectures. These binaries are designed to load directly into Node.js’s runtime, thereby operating with full system access and bypassing typical sandbox protections.
The infection’s reach extends beyond a single editor. Once the native binary executes, it systematically scans the compromised machine for all IDEs that support VS Code’s extension format. This includes, but is not limited to, VS Code, VS Code Insiders, Cursor, Windsurf, VSCodium, and Positron. A malicious extension is then covertly installed into each detected environment. This means a developer using Cursor alongside a VS Code installation would find both development environments silently compromised without any visible alerts.
How the Multi-IDE Infection Works
The infection sequence begins immediately upon the installation of code-wakatime-activity-tracker. The extension’s activate() function, which is normally responsible for initializing the legitimate WakaTime tool, has been subtly altered by the attackers. Before any genuine WakaTime code can execute, this function loads either win.node or mac.node from the extension’s bundled ./bin/ directory and promptly invokes its install() method. This single call initiates the entire subsequent infection chain.
The native binary then establishes contact with a GitHub Releases page under the control of the attacker to download a malicious .vsix file, named autoimport-2.7.9. This package is crafted to resemble steoates.autoimport, a widely used VS Code extension that millions of developers rely on. Upon successful download, the file is surreptitiously force-installed into every IDE discovered on the machine, leveraging each editor’s own command-line installer. Following the completion of the installation, the downloaded .vsix file is deleted to erase forensic traces.
This second-stage extension is the same GlassWorm dropper that Aikido has meticulously analyzed throughout the campaign’s history. It exhibits a deliberate evasion mechanism, refraining from execution on machines configured with Russian system settings, suggesting a specific targeting strategy by its authors. Once activated, the malware communicates with a command-and-control server that operates via the Solana blockchain, significantly complicating efforts by security teams to block or monitor its activities. Subsequently, the malware covertly exfiltrates data from the infected machine and installs a persistent Remote Access Trojan (RAT), alongside a malicious Chrome extension, further entrenching its presence.
What You Should Do
- Immediately inspect the extension lists within all your IDEs for specstudio/code-wakatime-activity-tracker and floktokbok.autoimport.
- If either of these extensions is present in any installed editor, consider the machine fully compromised.
- Rotate all credentials, API keys, and stored secrets accessible from the compromised development environment without delay.
- Thoroughly review any code repositories connected to the affected machine for signs of tampering, as the attacker had full system access during the infection window.
- Consider isolating the compromised machine from your network until a full forensic investigation and remediation can be performed.
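As an added illustration (not part of this article or of Aikido's research), the following shell script implements the first step of that checklist: it walks the per-user extension directories of every VS Code-compatible editor the article names and flags any folder belonging to the two extension IDs above, plus any extension that bundles a bin/win.node or bin/mac.node native loader, the file names the article attributes to the dropper. It assumes the standard installed-extension layout of <extensions dir>/<publisher>.<name>-<version>/, that the OpenVSX package specstudio/code-wakatime-activity-tracker installs under the ID specstudio.code-wakatime-activity-tracker, and the default per-user directory locations listed in the script; the `check_*` function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the article or from Aikido): scan installed-extension
# directories of VS Code-compatible editors for the GlassWorm indicators named
# in the write-up. Usage: sh glassworm_check.sh [extra_extensions_dir ...]

# Extension IDs from the article (OpenVSX namespace/name mapped to publisher.name).
GLASSWORM_IDS="specstudio.code-wakatime-activity-tracker floktokbok.autoimport"

# check_extension_dir DIR: print every extension folder whose name is one of
# the known-bad IDs (folder layout assumed: <publisher>.<name>-<version>).
# Returns 0 when the directory is clean or absent, 1 when a hit was found.
check_extension_dir() {
    dir="$1"
    hits=0
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*/; do
        [ -d "$entry" ] || continue
        name=$(basename "$entry")
        for id in $GLASSWORM_IDS; do
            case "$name" in
                "$id"-*|"$id")
                    printf 'HIT   known GlassWorm extension: %s\n' "$entry"
                    hits=$((hits + 1))
                    ;;
            esac
        done
    done
    [ "$hits" -eq 0 ]
}

# check_native_node_files DIR: secondary heuristic. The article says the first
# stage ships bin/win.node (PE32+ DLL) or bin/mac.node (universal Mach-O) and
# loads it into the Node.js runtime. Legitimate extensions can ship .node
# addons too, so a match here is a lead for manual review, not proof by itself.
# Returns 0 when nothing matched, 1 otherwise.
check_native_node_files() {
    dir="$1"
    nodehits=0
    [ -d "$dir" ] || return 0
    for f in "$dir"/*/bin/win.node "$dir"/*/bin/mac.node; do
        [ -f "$f" ] || continue
        printf 'CHECK native loader bundled by extension: %s\n' "$f"
        nodehits=$((nodehits + 1))
    done
    [ "$nodehits" -eq 0 ]
}

# scan_all_editors [DIR ...]: run both checks over the default per-user
# extension directories (assumed locations; adjust for your platform) and any
# directories passed on the command line. Returns 1 if anything was flagged.
scan_all_editors() {
    flagged=0
    for d in \
        "$HOME/.vscode/extensions" \
        "$HOME/.vscode-insiders/extensions" \
        "$HOME/.cursor/extensions" \
        "$HOME/.windsurf/extensions" \
        "$HOME/.vscode-oss/extensions" \
        "$HOME/.positron/extensions" \
        "$@"; do
        check_extension_dir "$d" || flagged=$((flagged + 1))
        check_native_node_files "$d" || flagged=$((flagged + 1))
    done
    if [ "$flagged" -eq 0 ]; then
        printf 'No GlassWorm indicators found.\n'
        return 0
    fi
    printf '%s finding(s): treat this machine as compromised and rotate credentials.\n' "$flagged"
    return 1
}

scan_all_editors "$@"
```

Because the second-stage .vsix is deleted after installation, the installed extension folder and the bundled native loader are what remain on disk, which is why the script inspects directories rather than looking for the downloaded package; a hit from either check is the trigger for the credential rotation and repository review described in the list above.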
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.