
GlassWorm Uses Zig Dropper to Infect Developer IDEs and Open Source Repos

Security researchers have discovered a fresh evolution of the GlassWorm campaign. Aikido Security said the threat now uses a Zig-compiled dropper inside a fake extension to infect multiple integrated development environments on a developer machine. The manipulation is subtle. The impact can be broad.

What researchers found

Aikido Security researchers, led by Ilyas Makari, found the malicious code inside an Open VSX extension named specstudio.code-wakatime-activity-tracker. The extension posed as WakaTime, a legitimate tool that measures time spent in an IDE. “The extension ships a Zig-compiled native binary alongside its JavaScript code,” Makari said in an analysis published this week.

That binary is not inert. Aikido said the Node native addon loads into Node.js and runs outside the JavaScript sandbox. On Windows, it appears as win.node. On macOS, it appears as mac.node. Aikido reported these binaries seek out every editor that can host VS Code extensions. This includes Visual Studio Code, VS Code Insiders, VSCodium, Positron, and several AI-powered coding tools such as Cursor and Windsurf.

How the infection spreads

Aikido explained the dropper downloads a malicious VSIX package from an attacker-controlled GitHub account. The package, called floktokbok.autoimport, impersonates an established extension named steoates.autoimport. The dropper writes the VSIX to a temporary path and then silently installs it into every detected IDE via each editor’s CLI installer.

According to Aikido, the second stage behaves like a classic supply-chain dropper. It avoids execution on Russian systems. It queries the Solana blockchain to discover its command-and-control server. It exfiltrates credentials and other sensitive data. It can also install a remote-access trojan that deploys an information-stealing Chrome extension.

Broader campaign activity

This incident is part of a wider wave of activity that has hit the GitHub, npm, and VS Code ecosystems. Aikido said the group has been active for nearly a year and continues to adapt its techniques. In its March 2026 analysis, Aikido reported at least 151 repositories matching the invisible Unicode decoder pattern used in prior GlassWorm attacks. The firm noted the actual number is likely higher because many compromised repos had already been removed.

Aikido highlighted several notable repositories affected on GitHub, including projects from Wasmer and pedronauck. The firm also listed compromised npm packages and a VS Code extension published on March 12, 2026. Aikido warned that the commits carrying the injection were intentionally low-noise. “Changes look like version bumps, docs edits or small refactors,” the report said. That makes manual detection difficult.

Why this is clever and dangerous

The campaign chains multiple evasion tricks, from invisible Unicode payloads to using Solana for command-and-control. This multi-stage attack is a classic example of the cyber kill chain. Detection is hard if you rely only on visual code review. Aikido said standard linting will miss these attacks. The firm said it has added invisible Unicode detection to its scanning pipeline and recommends treating suspicious packages as compromises.

What developers should do now

  • Assume compromise. Aikido advised that users of specstudio.code-wakatime-activity-tracker or floktokbok.autoimport should assume they are compromised.
  • Rotate secrets. Change tokens, keys and other credentials that may have been exposed, Aikido recommended.
  • Scan repositories. Use automated scanning that detects invisible Unicode payloads and native add-ons embedded in extensions.
  • Restrict install sources. Prefer official marketplaces and validate publisher details before installing extensions or packages.
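As an added example (not Aikido's tooling or any code from the report), the scanner below walks an unpacked extension directory and flags the two indicators the advice above names: runs of invisible Unicode in script files and bundled native Node addons such as win.node or mac.node. The set of invisible code points, the run-length threshold and the sample extension layout are constructed assumptions, not GlassWorm's exact encoding.

```python
import re
import tempfile
from pathlib import Path

# Invisible/format code points that can hide a payload in source text.
# Constructed set (zero-width, bidi, variation selectors, tag characters);
# deliberately broad, not GlassWorm's exact encoding alphabet.
INVISIBLE = re.compile(
    "[\u200b-\u200f\u2060-\u2064\u206a-\u206f\ufeff\u00ad\u034f\u061c\u180e"
    "\u202a-\u202e\u2066-\u2069\ufe00-\ufe0f"
    "\U000e0000-\U000e007f\U000e0100-\U000e01ef]+"
)
SCRIPT_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".json"}
RUN_THRESHOLD = 8  # a lone zero-width joiner is normal; long runs are not

def invisible_runs(text: str, min_len: int = RUN_THRESHOLD) -> list[tuple[int, int]]:
    """Return (line_number, run_length) for each invisible run of >= min_len."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in INVISIBLE.finditer(line):
            if len(m.group()) >= min_len:
                hits.append((lineno, len(m.group())))
    return hits

def scan_extension(root: Path) -> dict[str, list]:
    """Walk an unpacked extension: flag *.node addons and hidden-Unicode runs."""
    report = {"native_addons": [], "hidden_unicode": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".node":
            report["native_addons"].append(rel)
        elif path.suffix in SCRIPT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, length in invisible_runs(text):
                report["hidden_unicode"].append((rel, lineno, length))
    return report

def build_sample_extension() -> Path:
    """Constructed sample: a WakaTime-lookalike layout carrying both indicators."""
    root = Path(tempfile.mkdtemp(prefix="ext-"))
    (root / "bin").mkdir()
    (root / "bin" / "win.node").write_bytes(b"MZ\x00\x00")  # stand-in for a native addon
    hidden = "\U000e0100" * 16  # constructed run of variation selectors
    (root / "extension.js").write_text(
        "const wakatime = require('./lib');\n"
        f"const cfg = 'x{hidden}';  // renders as a harmless one-character string\n"
        "module.exports = { activate() {} };\n", encoding="utf-8")
    (root / "lib.js").write_text("module.exports = {};\u200d\n", encoding="utf-8")
    return root
```

Point `scan_extension` at `~/.vscode/extensions/<publisher>.<name>-<version>` (or the equivalent directory of any VS Code-compatible editor) to review an installed extension; a non-empty `native_addons` list or any `hidden_unicode` hit warrants manual inspection before the extension is trusted.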

Supply chain attacks continue to shift and scale. Aikido said GlassWorm shows how attackers adapt by mixing native code, invisible payloads, and decentralized delivery channels. The firm urged defenders to combine automated detection, careful review and rapid secret rotation to limit damage. For a detailed guide on what to do next, learn how to respond to a cybersecurity incident.