GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

The GlassWorm campaign has evolved with a new Zig-based dropper targeting developer environments via a malicious Open VSX extension disguised as WakaTime activity tracker. The campaign compromises all IDEs on a developer's machine, potentially giving threat actors access to source code repositories, software supply chains, and sensitive credentials. This supply chain attack vector poses significant risk to organizations using affected extensions. Developers should immediately audit installed extensions, verify publisher authenticity, and remove suspicious WakaTime-related add-ons. Security teams should monitor for unusual IDE behavior and implement extension verification controls.

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a

The GlassWorm campaign has evolved with a new Zig-based dropper targeting developer environments via a malicious Open VSX extension disguised as WakaTime activity tracker. The campaign compromises all IDEs on a developer's machine, potentially giving threat actors access to source code repositories, software supply chains, and sensitive credentials. This supply chain attack vector poses significant risk to organizations using affected extensions. Developers should immediately audit installed extensions, verify publisher authenticity, and remove suspicious WakaTime-related add-ons. Security teams should monitor for unusual IDE behavior and implement extension verification controls. Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a