GlassWorm Malware Expands Reach with 72 Malicious Extensions

The GlassWorm malware campaign has expanded its reach with 72 new malicious extensions targeting developer environments, utilizing advanced techniques like a Zig dropper for stealthy infections.

Category: Malware & Ransomware | Severity: HIGH | 6 sources

Original Reporting: Cyber Security News · Dhivya

AI Summary

CyberPings AI · Reviewed by Rohit Rana

GlassWorm is a sneaky type of malware that hides in fake tools developers use. It tricks them into installing it, then spreads to the other code editors on their computers. It's like a wolf in sheep's clothing, and developers need to be careful about what they install.

What Happened

In a significant escalation of supply chain attacks, the GlassWorm malware campaign has evolved to target developer environments. On March 13, 2026, the Socket Research Team reported discovering at least 72 new malicious Open VSX extensions associated with this campaign. Instead of embedding the malicious payload directly, attackers now use a clever technique that involves transitive dependencies, allowing them to infect systems after initial trust is established.

The attackers disguise their malicious software by first publishing seemingly harmless extensions. Once developers install these extensions and trust them, the attackers push out updates that modify the extension’s manifest files. This hidden update links to a separate GlassWorm loader, which is installed automatically in the background. This approach makes it nearly impossible for standard code reviews to catch the malicious activity.

Recent investigations by Aikido security analysts revealed that the malware now uses compiled native binaries to infect multiple code editors simultaneously. A malicious package disguised as a legitimate productivity tool, called code-wakatime-activity-tracker, has been identified in the OpenVSX marketplace. This extension is nearly identical to the legitimate WakaTime tool, making it difficult for developers to detect the threat.

How the Multi-IDE Infection Works

Once a developer installs the code-wakatime-activity-tracker, the extension's activate() function is altered to load a binary file (either win.node for Windows or mac.node for macOS) that operates with full access to the operating system. This binary scans the machine for all IDEs that support VS Code’s extension format and silently installs a malicious extension into each one. This means that if a developer is using both Cursor and VS Code, both environments could be compromised without any visible warning.

In addition, a newly identified Zig dropper has been discovered within the same extension, which ships a Zig-compiled native binary alongside its JavaScript code. This binary is used as a stealthy indirection for the known GlassWorm dropper, allowing it to infect all IDEs on a developer's machine, including Microsoft VS Code, VSCodium, and AI-powered tools like Windsurf. The Zig binary runs outside the JavaScript sandbox, enabling it to execute with full system access and download further malicious extensions from GitHub, disguised as legitimate plugins.

Who's Being Targeted

The GlassWorm campaign primarily targets developers, particularly those using popular tools and programming languages. The malicious extensions impersonate widely-used utilities like Prettier and ESLint, as well as language-specific tools for Python, Vue, Angular, and Flutter. Notably, the campaign also targets developers utilizing AI tools, with extensions mimicking popular AI assistants like Claude Code and Codex. To enhance their deception, attackers have employed typosquatting techniques, where they create extensions with slight variations of legitimate publisher names. This strategy aims to trick unsuspecting developers into believing they are downloading safe tools, thus increasing the likelihood of infection.

Signs of Infection

The latest variants of GlassWorm exhibit advanced capabilities that make detection challenging. Some indicators of compromise include:

  • Infrastructure rotation: Attackers have changed their wallet infrastructure and command-and-control IP addresses to evade detection.
  • Advanced obfuscation: The malware now uses complex techniques to hide its true nature, making it harder for security tools to identify.
  • Remote decryption: Decryption keys are fetched dynamically from attacker-controlled servers, rather than being embedded in the extension.
  • Multi-IDE infection: The use of native binaries allows for simultaneous infections across multiple IDEs, increasing the attack surface.
  • Zig dropper: The newly identified Zig-compiled binary allows for stealthy infection of all IDEs on the system, further complicating detection efforts.

These features allow the malware to remain resilient and evade traditional security measures, posing a significant threat to developer environments.

How to Protect Yourself

To defend against the GlassWorm threat, development teams must adopt new security practices. Here are some recommended actions:

Detection

  1. Audit version history: Regularly check the version history of installed extensions for any newly introduced dependency relationships that could indicate malicious activity.
  2. Review update chains: Instead of only scanning the current extension code, examine the entire installation and update history.
  3. Hunt for indicators of compromise: Look for signs such as Solana memo lookups or unusual locale gating in the code.

Removal

  4. Remove known threats: Immediately block and uninstall any identified GlassWorm-linked packages from workstations and check for exposed environment tokens.
  5. Check IDE extension lists: Developers should verify their IDEs for the presence of the specstudio/code-wakatime-activity-tracker and floktokbok.autoimport extensions, treating any detection as a full compromise.

By implementing these measures, developers can better safeguard their environments against the evolving GlassWorm malware campaign.
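As an added example (not code from the report or from the Socket or Aikido teams), the following Python audit applies the Detection and Removal checks above together with the behaviour described under "How the Multi-IDE Infection Works": it walks the extension directories of VS Code-format editors, flags the two extension ids named in the report, any extension whose manifest declares an extensionDependencies link to them, and any extension that ships win.node or mac.node. The .vscode-oss, .cursor and .windsurf paths and the three sample extensions are assumptions constructed for the demo; a real run would pass Path.home() to audit_home().

```python
import json
import tempfile
from pathlib import Path

# Extension ids the report names as GlassWorm-linked (publisher.name, lower-cased).
KNOWN_BAD_IDS = {"specstudio.code-wakatime-activity-tracker", "floktokbok.autoimport"}
# Native binaries the report says the tampered activate() loads outside the JS sandbox.
NATIVE_PAYLOADS = {"win.node", "mac.node"}
# Extension roots of editors using the VS Code format; all but .vscode are assumed paths.
EXTENSION_ROOTS = [".vscode/extensions", ".vscode-oss/extensions", ".cursor/extensions", ".windsurf/extensions"]

def audit_extension(ext_dir: Path) -> list:
    """Return the reasons an installed extension looks GlassWorm-linked (empty list = clean)."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return []
    pkg = json.loads(manifest.read_text(encoding="utf-8"))
    findings = []
    ext_id = f"{pkg.get('publisher', '')}.{pkg.get('name', '')}".lower()
    if ext_id in KNOWN_BAD_IDS:
        findings.append(f"known GlassWorm-linked id: {ext_id}")
    # A later update can add an extension dependency that pulls in a separate loader.
    if bad_links := sorted({str(d).lower() for d in pkg.get("extensionDependencies", [])} & KNOWN_BAD_IDS):
        findings.append(f"depends on GlassWorm-linked extension(s): {bad_links}")
    if shipped := sorted({p.name for p in ext_dir.rglob("*.node")} & NATIVE_PAYLOADS):
        findings.append(f"ships native payload file(s): {shipped}")
    return findings

def audit_home(home: Path) -> dict:
    """Map each suspicious extension (path relative to home) to its findings, over all IDE roots."""
    results = {}
    for root in EXTENSION_ROOTS:
        for ext_dir in sorted(p for p in (home / root).glob("*") if p.is_dir()):
            if findings := audit_extension(ext_dir):
                results[ext_dir.relative_to(home).as_posix()] = findings
    return results

def build_sample_home() -> Path:
    """Constructed sample data: a throwaway home with one clean and two suspicious extensions."""
    home = Path(tempfile.mkdtemp())
    samples = [(".vscode/extensions", "example", "clean-tool", {}, ()),
               (".cursor/extensions", "specstudio", "code-wakatime-activity-tracker", {}, ("mac.node",)),
               (".vscode/extensions", "example", "helper",
                {"extensionDependencies": ["floktokbok.autoimport"]}, ())]
    for root, pub, name, extra, files in samples:
        d = home / root / f"{pub}.{name}-1.0.0"
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps({"publisher": pub, "name": name, **extra}))
        for f in files:
            (d / f).write_bytes(b"\x00")  # placeholder bytes standing in for a native binary
    return home
```

Treat any hit as a full compromise of that workstation, as the Removal steps above require, rather than simply deleting the flagged directory.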

Pro Insight

The evolution of the GlassWorm malware campaign highlights the increasing sophistication of supply chain attacks. Developers must remain vigilant and adopt proactive security measures to mitigate risks associated with these threats.

Story Timeline

Story broke by Cyber Security News

Covered by CSO Online

Covered by The Hacker News

Covered by Dark Reading

Covered by Cyber Security News

Covered by Security Affairs
