A Trojanized developer extension on the OpenVSX marketplace is covertly distributing a known malware strain, GlassWorm, to several code editors on developers’ systems. This malicious package poses as a legitimate productivity tool, using compiled native binaries to infect editors like VS Code, Cursor, and Windsurf without detection.
Understanding the GlassWorm Threat
GlassWorm first emerged in March 2025, embedding harmful payloads within invisible Unicode characters in npm packages. Over the past year, its impact has expanded, targeting numerous projects on platforms such as GitHub, npm, and VS Code. Previously, the campaign’s most severe attack involved deploying a persistent Remote Access Trojan via a counterfeit Chrome extension to log keystrokes and steal session cookies.
In April 2026, Aikido security analysts, who have been monitoring the GlassWorm campaign, identified a new tactic. The attack was embedded in an OpenVSX extension named code-wakatime-activity-tracker, published by the specstudio account. This extension mimics the genuine WakaTime productivity tool in functionality and appearance.
Technical Details of the Attack
This iteration of GlassWorm utilizes Zig-compiled native binaries, distinguishing it from previous versions. On Windows systems, the extension includes a file named win.node, a PE32+ DLL, while on macOS, it comprises mac.node, a universal Mach-O binary compatible with both Intel and Apple Silicon hardware. These files integrate directly into Node.js’s runtime, bypassing standard sandbox protections to operate with full system access.
The attack extends beyond a single editor. Upon execution, the binary scans the system for compatible IDEs that support VS Code’s extension format, such as VS Code, VS Code Insiders, Cursor, Windsurf, VSCodium, and Positron, and silently installs a malicious extension in each one. Developers using Cursor alongside VS Code may find both environments compromised without any visible alerts.
Mechanism of Multi-IDE Infection
The infection process initiates when a developer installs the code-wakatime-activity-tracker extension. The extension’s activate() function, intended to launch the WakaTime tool, has been subtly modified by the attacker. Before running any legitimate code, the function loads either win.node or mac.node from the bundled ./bin/ directory and calls install(), setting off the infection chain.
Subsequently, the binary contacts an attacker-controlled GitHub Releases page to download a malicious .vsix file named autoimport-2.7.9, resembling the popular steoates.autoimport VS Code extension. This file is stealthily installed across all detected IDEs, then deleted to erase any evidence of its presence.
Protective Measures and Recommendations
Developers should promptly check their IDE extension lists for specstudio/code-wakatime-activity-tracker and floktokbok.autoimport. If found, the system should be considered compromised, and all credentials, API keys, and stored secrets accessible from the environment should be rotated immediately. Any connected code repositories should be examined for signs of tampering, as the attacker had full system access.
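As an added example (not code from the report or from Aikido), the following script turns the check above into a hunt across the extension directories of the IDE family the campaign targets. It flags the two extension ids named in the report and, independently, any extension carrying win.node or mac.node in its ./bin/ directory; the per-user extension roots and the version numbers in the constructed sample tree are assumptions, not values from the report.

```python
import tempfile
from pathlib import Path

# Extension ids named in the report, as "publisher.name" (lower-case).
INDICATOR_IDS = ("specstudio.code-wakatime-activity-tracker", "floktokbok.autoimport")
# Native addon file names the report says ship in the extension's ./bin/ directory.
INDICATOR_BINARIES = {"win.node", "mac.node"}
# Assumed per-user extension roots for the IDEs the report lists (Linux/macOS
# defaults; Positron's path is a guess, and Windows uses %USERPROFILE% instead).
EXTENSION_ROOTS = ["~/.vscode/extensions", "~/.vscode-insiders/extensions",
                   "~/.cursor/extensions", "~/.windsurf/extensions",
                   "~/.vscode-oss/extensions", "~/.positron/extensions"]

def scan_root(root: Path) -> list:
    """Return (path, reason) findings for one extensions directory."""
    findings = []
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        # Installed extensions live in "<publisher>.<name>-<version>" folders.
        name = ext_dir.name.lower()
        hit = next((i for i in INDICATOR_IDS if name.startswith(i + "-")), None)
        if hit:
            findings.append((str(ext_dir), f"known malicious extension id {hit}"))
        # Independent check: native addons in ./bin/ carrying the reported loader names.
        bin_dir = ext_dir / "bin"
        for f in (bin_dir.iterdir() if bin_dir.is_dir() else []):
            if f.name.lower() in INDICATOR_BINARIES:
                findings.append((str(f), f"native addon {f.name} in extension bin/"))
    return findings

def scan_all(roots=EXTENSION_ROOTS) -> list:
    return [hit for r in roots for hit in scan_root(Path(r).expanduser())]

def demo() -> list:
    """Scan a constructed sample tree (not a real install) and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ms-python.python-2024.1.0").mkdir()           # benign neighbour
        (root / "floktokbok.autoimport-2.7.9").mkdir()         # dropped extension
        bin_dir = root / "specstudio.code-wakatime-activity-tracker-0.3.1" / "bin"
        bin_dir.mkdir(parents=True)
        (bin_dir / "win.node").write_bytes(b"MZ")              # constructed stand-in
        return scan_all([d])

if __name__ == "__main__":
    hits = scan_all()
    for path, reason in hits:
        print(f"[!] {path}: {reason}")
    raise SystemExit(1 if hits else 0)
```

A non-zero exit code on any finding makes the script usable as a fleet-wide check from endpoint management tooling; a hit should trigger the credential rotation and repository review described above rather than just removal of the extension.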
