Fake VS Code extension spreads RAT

Security researchers flagged a malicious VS Code extension that installs a remote-access trojan and uses a native binary written in Zig to try to bypass the editor's sandboxing, showing how developer IDEs have become an attack vector. The incident underlines supply-chain risk in developer tools and the need for vetting extensions and runtime permissions. (x.com)

A Visual Studio Code extension can run code on your computer the moment the editor starts, because extensions are small programs that plug straight into the editor, not just themes or menus. In April 2026, researchers said attackers abused that trust with a fake extension that looked like WakaTime, a real coding time tracker. (aikido.dev)

The fake extension was published on Open VSX under the name `code-wakatime-activity-tracker`, and Aikido said it copied the real WakaTime extension's prompts, icons, and commands closely enough to pass a quick glance. The trick was hidden in the extension's startup function, which loaded a bundled binary before the normal WakaTime features ran. (aikido.dev) That binary was written in Zig, a programming language that compiles to native machine code, meaning code the operating system runs directly like a normal app. Aikido said the file loaded as a Node.js native addon, giving it operating-system-level access outside the JavaScript layer developers expect extensions to stay within. (thehackernews.com)

Once that native code started, it searched the machine for every editor that accepts Visual Studio Code extensions, not just Microsoft's own build. Aikido said it looked for Visual Studio Code, Visual Studio Code Insiders, VSCodium, Positron, Cursor, and Windsurf, then used each editor's command-line installer to push in a second malicious extension. (aikido.dev) That second extension came from an attacker-controlled GitHub account and pretended to be Auto Import, a real extension from publisher `steoates` with more than 5 million installs on the official marketplace. The fake package used the name `floktokbok.autoimport`, close enough to the real one that a rushed developer could miss the difference. (thehackernews.com)

From there, the attack moved past the editor and into full machine compromise. The Hacker News said the second-stage malware stole sensitive data, fetched its command server address through the Solana blockchain, and installed a remote access trojan, malware that gives an attacker hands-on control of the victim's computer from somewhere else. (thehackernews.com)

Researchers have been tracking this campaign under the name GlassWorm since March 2025, when Aikido found malicious npm packages hiding code in invisible Unicode characters. By March 2026, Malwarebytes said the same campaign was already stealing npm tokens, git credentials, Visual Studio Code secrets, cloud credentials, and browser data from developer machines. (aikido.dev) (malwarebytes.com) The reason attackers keep aiming at coders is simple: a developer laptop often holds the keys to production systems. Malwarebytes said GlassWorm's later stages can also add persistence with scheduled tasks and Windows Run registry keys, then install a fake Google Chrome extension to watch sessions and steal more data after reboot. (malwarebytes.com)

This case also shows why developer tool supply-chain attacks are getting nastier. Instead of hijacking one package and waiting, this extension used one fake plugin to spread itself sideways into other editors on the same machine, turning one bad install into a multi-tool infection path. (aikido.dev) (thehackernews.com)

Aikido and The Hacker News said anyone who installed `specstudio.code-wakatime-activity-tracker` or `floktokbok.autoimport` should assume compromise and rotate all secrets. In practice that means changing source-control tokens, cloud keys, package registry credentials, browser sessions, and any passwords stored or used on that machine. (thehackernews.com)
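As an added example (not code from the article, from Aikido, or from WakaTime), the Python script below does the check a defender would want after reading the report: it walks the extension folders of the six editors named above, flags the two extension ids the article lists as indicators, and also flags any extension that activates at editor startup or ships a native `.node` addon, the two traits the malicious WakaTime look-alike combined. The per-editor directory names under `$HOME`, the constructed sample extensions, and the `demo()` helper are assumptions; the script reads only `package.json` and file names, never extension code.

```python
"""Scan VS Code-compatible editors for suspicious installed extensions.

Added example, not from the original article or the projects it names.
Checks three things:
  1. extension ids the article lists as indicators of compromise,
  2. extensions that activate as soon as the editor starts,
  3. extensions that bundle a native Node addon (*.node), i.e. machine code
     that runs outside the JavaScript layer extensions normally live in.
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Extension ids named in the article as indicators of compromise.
KNOWN_BAD_IDS = {
    "specstudio.code-wakatime-activity-tracker",
    "floktokbok.autoimport",
}

# ASSUMPTION: per-editor extension directories, relative to $HOME.
EDITOR_EXTENSION_DIRS = {
    "VS Code": ".vscode/extensions",
    "VS Code Insiders": ".vscode-insiders/extensions",
    "VSCodium": ".vscode-oss/extensions",
    "Positron": ".positron/extensions",
    "Cursor": ".cursor/extensions",
    "Windsurf": ".windsurf/extensions",
}

# Activation events that make an extension run at editor startup.
STARTUP_EVENTS = {"*", "onStartupFinished"}


def inspect_extension(ext_dir: Path) -> Optional[dict]:
    """Read one installed extension's package.json and return its findings."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    try:
        meta = json.loads(manifest.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, OSError):
        return {"dir": str(ext_dir), "id": "?", "flags": ["unreadable-manifest"], "native": []}
    ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
    flags = []
    if ext_id in KNOWN_BAD_IDS:
        flags.append("known-bad-id")
    if set(meta.get("activationEvents") or []) & STARTUP_EVENTS:
        flags.append("activates-at-startup")
    native = sorted(ext_dir.rglob("*.node"))  # bundled native addons
    if native:
        flags.append("bundles-native-addon")
    return {"dir": str(ext_dir), "id": ext_id, "flags": flags,
            "native": [str(p.relative_to(ext_dir)) for p in native]}


def scan_extension_root(root: Path) -> List[dict]:
    """Return findings for every flagged extension under one editor's folder."""
    if not root.is_dir():
        return []
    findings = []
    for child in sorted(root.iterdir()):
        if child.is_dir():
            result = inspect_extension(child)
            if result and result["flags"]:
                findings.append(result)
    return findings


def scan_all_editors(home: Path) -> Dict[str, List[dict]]:
    """Scan each editor's (assumed) extension directory under `home`."""
    return {editor: scan_extension_root(home / rel)
            for editor, rel in EDITOR_EXTENSION_DIRS.items()}


def build_sample_home(base: Path) -> Path:
    """Construct a fake $HOME with three sample extensions (constructed data)."""
    def write_ext(rel_root, folder, manifest, native_file=None):
        d = base / rel_root / folder
        d.mkdir(parents=True, exist_ok=True)
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        if native_file:
            (d / native_file).parent.mkdir(parents=True, exist_ok=True)
            (d / native_file).write_bytes(b"\x7fELF")  # stand-in, not a real addon
    # Benign theme: no activation events, no native code.
    write_ext(".vscode/extensions", "acme.theme-1.0.0",
              {"publisher": "acme", "name": "theme", "contributes": {"themes": []}})
    # Look-alike tracker: bad id, runs at startup, ships a .node addon.
    write_ext(".vscode/extensions", "specstudio.code-wakatime-activity-tracker-1.2.3",
              {"publisher": "specstudio", "name": "code-wakatime-activity-tracker",
               "main": "./out/extension.js", "activationEvents": ["*"]},
              native_file="out/native/loader.node")
    # Second-stage look-alike pushed into another editor.
    write_ext(".cursor/extensions", "floktokbok.autoimport-0.0.1",
              {"publisher": "floktokbok", "name": "autoimport",
               "activationEvents": ["onStartupFinished"]})
    return base


def demo() -> Dict[str, List[dict]]:
    """Build the constructed sample tree in a temp dir and scan it."""
    home = build_sample_home(Path(tempfile.mkdtemp(prefix="ext-scan-")))
    return scan_all_editors(home)


if __name__ == "__main__":
    # Replace demo() with scan_all_editors(Path.home()) to scan a real machine.
    for editor, findings in demo().items():
        for f in findings:
            print(f"[{editor}] {f['id']}: {', '.join(f['flags'])} {f['native']}")
```

Run it against `Path.home()` instead of `demo()` to check a real machine; a "known-bad-id" hit is the rotate-all-secrets case the article describes, while "activates-at-startup" plus "bundles-native-addon" together is the pattern worth a manual look even when the id is unfamiliar.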

Shared from Scout - Be the smartest in the room.