GlassWorm Zig Dropper Now Infects Every IDE You Have

APR 14 · DEV · 4 MIN READ

Aikido security researchers discovered in April 2026 that GlassWorm, an ongoing IDE supply-chain attack campaign, has added a Zig-compiled native binary dropper to its toolkit. The technique was found hidden inside an Open VSX extension named specstudio.code-wakatime-activity-tracker — a nearly pixel-perfect impersonation of WakaTime, the popular developer productivity tracker used by hundreds of thousands of developers. If you installed it, assume the machine is compromised and rotate every credential it could have reached.

How the Zig Dropper Operates Inside the Fake Extension

The malicious extension mirrors WakaTime's user interface exactly — same command options, same API key prompts, same status bar icons as the legitimate tool. Nothing visually distinguishes it from the real package. Under the hood, it ships a Zig-compiled native binary: win.node on Windows (a PE32+ DLL) and mac.node on macOS (a universal Mach-O binary that runs on both Intel and Apple Silicon). These files load directly into Node.js's runtime and operate outside standard VS Code sandbox protections, giving them full operating system access from the moment the extension activates.

Once the binary executes, it downloads a second-stage malicious VS Code extension (.VSIX) from an attacker-controlled GitHub account and writes it to a temporary path. The downloaded extension is then silently installed into every IDE on the machine using each editor's own command-line installer. A developer running Cursor as their primary editor but with VS Code also installed gets both compromised from a single extension install in either editor. GlassWorm identifies all IDEs present on the machine — VS Code, Cursor, Windsurf — and runs each one's CLI installer against the same malicious VSIX. No additional user interaction is required after the initial extension install.

The Solana C2 Infrastructure and What Attackers Do With Access

The second-stage extension manages the malware's surveillance and persistence. Rather than contacting a fixed command-and-control server — which defenders can block by IP or domain — GlassWorm reads its C2 address from the Solana blockchain. This architecture makes the campaign's infrastructure nearly impossible to neutralize through conventional server takedowns or DNS blocking. Security teams cannot sinkhole a blockchain. The malware also avoids execution on machines with Russian system locale settings, consistent with the geographic attribution pattern seen across all prior GlassWorm variants.

Once active, the second-stage payload exfiltrates credentials, API keys, environment variables, and SSH keys from the infected machine. It installs a persistent remote access trojan (RAT) that survives extension removal and maintains access even if the developer notices and uninstalls the original fake WakaTime extension. The RAT then deploys a malicious Google Chrome extension that monitors live browser sessions and steals credentials from active web logins. For a developer machine that holds keys to OpenAI, AWS, GitHub, internal APIs, and staging environments, a complete GlassWorm compromise reaches every service those credentials can access — including production systems.

Scale of the Campaign and Immediate Response Steps

Aikido researchers identified at least 72 malicious Open VSX extensions connected to GlassWorm since January 31, 2026. The broader supply chain pressure is substantial: Sonatype's 2026 State of the Software Supply Chain report documented over 454,000 new malicious packages across npm, PyPI, and Maven Central in 2025 alone, with more than 1.2 million known malware packages now catalogued. Developer tooling continues to be one of the most high-value targets in supply chain attacks because developer machines hold access to production systems, cloud credentials, and source code repositories simultaneously.

If you installed specstudio.code-wakatime-activity-tracker or floktokbok.autoimport, treat the machine as fully compromised. Rotate every API key, token, database password, cloud service credential, and SSH key stored on it or accessible through environment variables. Check outbound network logs from around the install date. Remove the extension and audit all recently installed extensions against publisher histories and verified accounts before reinstalling them.
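The scan below is an added triage example, not Aikido's tooling and not code from the original article. It walks the user-level extension directories of VS Code, Cursor and Windsurf (the dropper installs into all three, so checking only the editor you installed from is not enough), flags the two extension IDs named in this article, and flags any extension that bundles a native Node addon (`.node`), classifying each by its file header (PE, Mach-O, universal Mach-O, ELF). The directory locations (`~/.vscode/extensions`, `~/.cursor/extensions`, `~/.windsurf/extensions`) and the `publisher.name-version` folder layout are assumptions about the standard per-user install paths; the sample tree the demo builds is constructed stand-in data, with a few header bytes in place of real binaries.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Extension IDs named in the article, in publisher.name form.
KNOWN_MALICIOUS = {
    "specstudio.code-wakatime-activity-tracker",
    "floktokbok.autoimport",
}

# Assumed default per-user extension roots. Each child folder is named
# "<publisher>.<name>-<version>" and holds a package.json.
IDE_EXTENSION_DIRS: Dict[str, Path] = {
    "vscode": Path.home() / ".vscode" / "extensions",
    "cursor": Path.home() / ".cursor" / "extensions",
    "windsurf": Path.home() / ".windsurf" / "extensions",
}

# Header magics for the formats a .node addon can take.
_MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit, both byte orders
                 b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}   # 64-bit, both byte orders
_FAT_MAGICS = {b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}     # universal (fat) Mach-O

def native_binary_type(path: Path) -> Optional[str]:
    """Classify a file by its first bytes: PE (Windows), Mach-O / universal (macOS), ELF."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head[:2] == b"MZ":
        return "PE"
    if head in _FAT_MAGICS:
        return "Mach-O universal"
    if head in _MACHO_MAGICS:
        return "Mach-O"
    if head == b"\x7fELF":
        return "ELF"
    return None

def extension_id(ext_dir: Path) -> str:
    """publisher.name from package.json, falling back to the folder name minus its version."""
    try:
        meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        return f"{meta['publisher']}.{meta['name']}".lower()
    except (OSError, ValueError, KeyError):
        return ext_dir.name.rsplit("-", 1)[0].lower()

def scan_extension_root(root: Path, ide: str) -> List[dict]:
    """One finding per extension that is a known-bad ID or bundles a native .node addon."""
    findings = []
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        ext_id = extension_id(ext_dir)
        reasons = []
        if ext_id in KNOWN_MALICIOUS:
            reasons.append("known GlassWorm extension id")
        natives = [f"{f.relative_to(ext_dir)} ({native_binary_type(f) or 'unknown'})"
                   for f in sorted(ext_dir.rglob("*.node")) if f.is_file()]
        if natives:
            reasons.append("bundles native Node addon: " + ", ".join(natives))
        if reasons:
            findings.append({"ide": ide, "extension": ext_id,
                             "path": str(ext_dir), "reasons": reasons})
    return findings

def scan_all(dirs: Dict[str, Path] = IDE_EXTENSION_DIRS) -> List[dict]:
    """Scan every IDE root, since the dropper installs its VSIX into all of them."""
    findings = []
    for ide, root in dirs.items():
        findings.extend(scan_extension_root(root, ide))
    return findings

def build_sample_tree(base: Path) -> Dict[str, Path]:
    """Constructed sample data, not real artifacts: a clean extension, a stand-in for the
    fake WakaTime carrying win.node/mac.node, the second named ID, and an unrelated ELF addon."""
    def write_ext(ide, publisher, name, version, files=()):
        d = base / ide / f"{publisher}.{name}-{version}"
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(
            {"publisher": publisher, "name": name, "version": version}), encoding="utf-8")
        for rel, content in files:
            (d / rel).parent.mkdir(parents=True, exist_ok=True)
            (d / rel).write_bytes(content)
    write_ext("vscode", "ms-python", "python", "2026.1.0")
    write_ext("vscode", "specstudio", "code-wakatime-activity-tracker", "1.2.0",
              [("out/win.node", b"MZ" + b"\0" * 62),                  # PE header stand-in
               ("out/mac.node", b"\xca\xfe\xba\xbe" + b"\0" * 60)])  # fat Mach-O stand-in
    write_ext("cursor", "floktokbok", "autoimport", "0.1.0")
    write_ext("windsurf", "someone", "native-helper", "3.0.0",
              [("build/addon.node", b"\x7fELF" + b"\0" * 60)])       # ELF header stand-in
    return {ide: base / ide for ide in ("vscode", "cursor", "windsurf")}

def demo_findings() -> List[dict]:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as td:
        return scan_all(build_sample_tree(Path(td)))

if __name__ == "__main__":
    for f in demo_findings():        # swap in scan_all() to check a real machine
        print(f"[{f['ide']}] {f['extension']}")
        for r in f["reasons"]:
            print("    -", r)
```

A bundled native addon is a triage signal, not proof of compromise: plenty of legitimate extensions ship `.node` files. What makes it worth a look here is the combination the article describes, a native addon that loads into the Node.js runtime outside the VS Code sandbox, inside an extension whose publisher history does not match the product it impersonates. Review every flagged entry against its publisher's verified account and release history before trusting it, and treat a hit on the known IDs as confirmation that the full credential rotation above is required.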

KEY POINTS:

- GlassWorm's Zig dropper hides in specstudio.code-wakatime-activity-tracker on Open VSX
- Zig binary loads into Node.js runtime, bypasses VS Code sandbox, gains full OS access
- Installs second-stage VSIX into every IDE on the machine — VS Code, Cursor, Windsurf
- Uses Solana blockchain as C2 — cannot be blocked by traditional IP or DNS takedowns
- Deploys persistent RAT and malicious Chrome extension that steals browser credentials
- 72 malicious Open VSX extensions found by Aikido since January 31, 2026