GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Hold up, devs — your IDE might be the next target. A new malware campaign dubbed 'GlassWorm' is hitting developers hard, using a sneaky Zig dropper to infect multiple IDEs. It's all about that fake WakaTime VS Code extension, spreading through Open VSX to drop RATs and steal your precious data. Time to rotate those creds, like, yesterday.

The attack kicks off with a malicious extension masquerading as WakaTime, a legit productivity tool. Once installed, it deploys a Zig-based dropper — yeah, that low-level language — to infect Visual Studio Code and other IDEs. This isn't just a simple hack; it's a full-blown supply chain nightmare, targeting devs at their core workflow.

Security researchers are sounding the alarm: this campaign is sophisticated, leveraging blockchain tech to obscure its tracks. It's not just about malware — it's about info-stealing, remote access, and turning your dev environment into a hacker's playground. If you've installed any sus extensions lately, check your systems ASAP.

Bottom line: This is a wake-up call for the dev community. With tags like Malware, Information Stealer, and Software Supply Chain, it's clear — attackers are going after the tools you trust. Stay vigilant, update your extensions from trusted sources only, and maybe give your security setup a serious look. Because in 2026, your code isn't the only thing that needs protecting.