A sophisticated cyber threat, dubbed GlassWorm, is now spreading through a trojanized developer extension on the OpenVSX marketplace, silently infecting multiple code editors. The malicious package, disguised as a legitimate productivity tool, leverages a compiled native binary to compromise popular environments like VS Code, Cursor, and Windsurf, as well as other IDEs that support VS Code’s extension format.
This latest iteration of GlassWorm, identified by Aikido security analysts in April 2026, marks a significant escalation in the campaign that first surfaced in March 2025. Previously, GlassWorm was known for embedding malicious payloads within seemingly innocuous npm packages and had deployed potent Remote Access Trojans (RATs) via fake Chrome extensions. The current widespread infection of development tools poses a severe risk to developers and their sensitive code.
Trojanized OpenVSX Extension Disguised as Productivity Tool
The attack vector is an extension named `code-wakatime-activity-tracker`, published on the OpenVSX marketplace under the `specstudio` account. On the surface, this malicious extension closely mimics the genuine WakaTime productivity tool, presenting identical command options, API key prompts, and status bar icons that developers are accustomed to. This deceptive similarity is designed to lull users into a false sense of security.
The key innovation in this GlassWorm campaign is the use of native binaries compiled with the Zig programming language. On Windows systems, the extension includes a file named `win.node` (a PE32+ DLL), and on macOS, it deploys `mac.node` (a universal Mach-O binary compatible with both Intel and Apple Silicon processors). These binaries are Node.js native addons that load directly into the extension host process, so they run with the full operating-system access of that process rather than being limited to the JavaScript extension API.
The scope of the infection is particularly concerning. Once executed, the malicious binary actively searches the developer’s machine for any integrated development environments (IDEs) that are compatible with VS Code’s extension architecture. This includes prominent editors such as VS Code, VS Code Insiders, Cursor, Windsurf, VSCodium, and Positron. The malware then proceeds to silently install a malicious extension into each of these identified editors without any user intervention or visible alert.
How the Multi-IDE Infection Works
The infection process begins the moment a developer installs the trojanized `code-wakatime-activity-tracker` extension. The extension’s `activate()` function, which in the genuine extension initializes the WakaTime tool, has been covertly modified by the attacker. Before any legitimate WakaTime code can execute, the attacker’s code runs first, loading either `win.node` or `mac.node` from the extension’s bundled `./bin/` directory and immediately executing an `install()` command.
This initial command triggers a chain of further actions. The native binary establishes communication with a GitHub Releases page controlled by the attackers. From this page, it downloads a malicious `.vsix` file, specifically named `autoimport-2.7.9`. This package is crafted to impersonate `steoates.autoimport`, a widely used and trusted VS Code extension downloaded by millions of developers. The downloaded malicious `.vsix` file is then silently force-installed into every detected IDE on the system by utilizing each editor’s native command-line installation capabilities. Following this stealthy installation, the downloaded file is deleted to erase any immediate forensic evidence.
The second-stage extension is the core dropper for the GlassWorm malware, consistent with previous analyses by Aikido. Notably, the malware deliberately refuses to run on systems configured with Russian language settings, a check that points to where the operators are based or whom they intend to avoid. Once active, the malware communicates with a command-and-control (C2) server whose address is resolved through the Solana blockchain. This reliance on a decentralized blockchain makes it exceptionally difficult for security researchers to monitor, block, or disrupt the C2 communications.
Following successful C2 communication, the malware proceeds to exfiltrate sensitive data from the compromised machine. Concurrently, it installs a persistent Remote Access Trojan (RAT) and a malicious Chrome extension, further solidifying its foothold and expanding its malicious capabilities. Developers are strongly advised to immediately review their installed IDE extension lists for `specstudio/code-wakatime-activity-tracker` and `floktokbok.autoimport`. The presence of either extension indicates a high probability of a full system compromise.
In the event of identifying these malicious extensions, affected machines should be treated as compromised. All credentials, API keys, and sensitive secrets accessible from the compromised environment must be rotated without delay. Furthermore, any code repositories connected to the affected machine should undergo a thorough review for any signs of unauthorized modification or tampering, given the complete system access the attacker possessed during the infection window.
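As an added example that is not from the article or from Aikido, the following Python check walks the extension directories of the editors named above and flags the two extension identifiers and the `win.node`/`mac.node` addons the article describes; the default directory paths are assumptions, adjust them for your setup:

```python
"""Scan VS Code-compatible extension folders for the GlassWorm indicators named
in the article. Added example (not Aikido's or any vendor's tooling)."""
import re
import tempfile
from pathlib import Path

# Extension identifiers from the article (publisher.name).
SUSPECT_IDS = {"specstudio.code-wakatime-activity-tracker", "floktokbok.autoimport"}
# Native Node addons the trojanized extension loads from its ./bin/ directory.
SUSPECT_ADDONS = {"win.node", "mac.node"}
# Assumed default extension roots for the editors listed in the article; adjust as needed.
DEFAULT_ROOTS = [Path.home() / d / "extensions" for d in
                 (".vscode", ".vscode-insiders", ".vscode-oss", ".cursor", ".windsurf", ".positron")]
_FOLDER = re.compile(r"^(.+?)-\d+\.\d+\.\d+")  # '<publisher>.<name>-<version>[-suffix]'

def extension_id(folder_name: str) -> str:
    """Return the lowercase 'publisher.name' part of an installed extension folder."""
    m = _FOLDER.match(folder_name)
    return (m.group(1) if m else folder_name).lower()

def scan_root(root: Path) -> list[dict]:
    """Flag extensions whose id matches a GlassWorm indicator or that ship win.node/mac.node."""
    findings = []
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        reasons = []
        ext_id = extension_id(ext_dir.name)
        if ext_id in SUSPECT_IDS:
            reasons.append(f"known GlassWorm extension id: {ext_id}")
        bin_dir = ext_dir / "bin"
        addons = SUSPECT_ADDONS & {p.name for p in bin_dir.iterdir()} if bin_dir.is_dir() else set()
        if addons:
            reasons.append("native addon in ./bin: " + ", ".join(sorted(addons)))
        if reasons:
            findings.append({"root": str(root), "extension": ext_dir.name, "reasons": reasons})
    return findings

def scan(roots=None) -> list[dict]:
    return [f for root in (roots or DEFAULT_ROOTS) for f in scan_root(Path(root))]

def demo() -> list[dict]:
    """Constructed sample layout: one benign extension and both GlassWorm stages."""
    root = Path(tempfile.mkdtemp())
    (root / "example.benign-tool-1.0.0").mkdir()
    (root / "floktokbok.autoimport-2.7.9").mkdir()
    bin_dir = root / "specstudio.code-wakatime-activity-tracker-1.0.0" / "bin"
    bin_dir.mkdir(parents=True)
    (bin_dir / "win.node").write_bytes(b"MZ")  # placeholder bytes, not the real PE file
    return scan([root])

if __name__ == "__main__":
    for f in scan():
        print(f"[!] {f['root']}: {f['extension']} -> {'; '.join(f['reasons'])}")
```

A hit on either identifier is the compromise signal the article describes; the `bin/*.node` check is a weaker heuristic, since legitimate extensions can also ship native addons.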