GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Researchers have found a new version of the GlassWorm campaign This article explores glassw worm used. . It has a new Zig dropper that is meant to get into developers' systems.

Integrated Development Environments (IDEs) An Open VSX extension called "specstudio.code-wakatime-activity-tracker" has revealed a newly discovered technique. This extension pretends to be WakaTime, a popular tool for keeping track of programming time in IDEs. The extension comes with a native binary that has been compiled with Zig and its JavaScript code. This isn't the first time that GlassW Worm has used native compiled code in extensions.

It doesn't use the binary directly as the payload; instead, it uses it as a way for its known dropper to get around. This now secretly spreads to all other Integrated Development. It can find environments on your system.

This extension installs the binary "win.node" on Windows systems and "mac.node" on macOS systems. The extension pretends to be "steoates.autoimport," a popular and real extension that has been downloaded over five million times from the official Visual Studio Marketplace.