GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

The GlassWorm campaign has evolved with a new Zig-based dropper targeting developers' integrated development environments (IDEs). The attack vector involves a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime activity tracker. This supply chain compromise allows attackers to stealthily infect all IDEs installed on a developer's machine. The campaign poses a significant risk to software development environments, potentially enabling threat actors to access source code, inject malicious code into projects, or establish persistent footholds across multiple systems. Organizations should review IDE extensions, verify their sources, and implement strict extension approval processes to mitigate this threat.

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a

The GlassWorm campaign has evolved with a new Zig-based dropper targeting developers' integrated development environments (IDEs). The attack vector involves a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime activity tracker. This supply chain compromise allows attackers to stealthily infect all IDEs installed on a developer's machine. The campaign poses a significant risk to software development environments, potentially enabling threat actors to access source code, inject malicious code into projects, or establish persistent footholds across multiple systems. Organizations should review IDE extensions, verify their sources, and implement strict extension approval processes to mitigate this threat. Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a