Fake VS Code Extension Malware

A fake Visual Studio Code extension has been spreading malware by dropping a Zig-based payload into developers’ IDEs, according to security reporting on X. The incident highlights a supply-chain risk for developer tooling where malicious extensions can infect build and development environments. (x.com)

A code editor extension is a plug-in that runs inside a developer’s workspace, and researchers say one fake Visual Studio Code add-on used that trust to install malware. (aikido.dev) Aikido Security said on April 8 that an Open VSX extension called `specstudio.code-wakatime-activity-tracker` impersonated WakaTime, a legitimate coding time tracker, and bundled a native binary compiled in Zig. The Hacker News reported the follow-on analysis on April 10. (aikido.dev) (thehackernews.com)

That binary was packaged as `win.node` on Windows and `mac.node` on macOS and loaded as a Node.js native addon, which lets code run outside the usual JavaScript sandbox with direct operating-system access. Aikido said the payload searched the machine for every editor that supports Visual Studio Code extensions. (aikido.dev) (thehackernews.com) Researchers said the malware then pulled down a second extension, `floktokbok.autoimport`, from an attacker-controlled GitHub account and silently installed it into editors including Visual Studio Code, Visual Studio Code Insiders, VSCodium, Positron, Cursor, and Windsurf. The fake `autoimport` package copied the name of `steoates.autoimport`, a real extension with more than 5 million installs on Microsoft’s marketplace. (thehackernews.com) (marketplace.visualstudio.com)

Open VSX is an Eclipse Foundation-run alternative registry for Visual Studio Code extensions, and many Visual Studio Code-based editors can install packages from it. That makes one malicious listing a path into multiple development tools on the same machine. (open-vsx.org) (github.com) The file format in this chain was a `.vsix` package, the standard container used to ship extension binaries and metadata. Microsoft’s documentation says a VSIX package can include binaries and supporting files, which is why a poisoned extension can carry more than simple script code. (learn.microsoft.com)

The second-stage extension did more than persist inside the editor. The Hacker News said the extension checked for Russian locale settings, used the Solana blockchain to locate command-and-control infrastructure, exfiltrated data, and installed a remote access trojan that later dropped a malicious Google Chrome extension. (thehackernews.com) (aikido.dev)

This campaign is part of a longer run that researchers track as GlassWorm. In March, The Hacker News reported that Socket had found at least 72 malicious Open VSX extensions tied to the same operation since January 31, 2026, including packages that abused extension dependencies to pull in malware after users had already installed a benign-looking add-on. (thehackernews.com)

Microsoft’s own documentation says extensions can add languages, debuggers, and tools directly into the editor interface, which is why they are so attractive to attackers targeting developer machines. Those machines often hold source code, cloud credentials, package publishing tokens, and signed build pipelines. (code.visualstudio.com) (thehackernews.com)

Aikido and The Hacker News said users who installed `specstudio.code-wakatime-activity-tracker` or `floktokbok.autoimport` should assume compromise and rotate secrets. The fake WakaTime package has since been taken down, but the case shows how a single extension install can spread past one editor window and into the rest of a developer’s toolchain. (aikido.dev) (thehackernews.com)
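For a developer or responder who wants to check a machine for the indicators described above, the following Python script is an added example (not code from Aikido, The Hacker News, or the extensions involved). It walks the per-user extension folders of the VS Code-family editors named in the report, reads each extension's `package.json`, and flags three things the chain relied on: the two extension IDs named in the reporting, an extension whose name matches `steoates.autoimport` but is published under another publisher, and any extension that bundles a native `.node` addon. The folder paths, the sample extension tree it builds for offline testing, and the version suffixes in that tree are assumptions, not values from the report.

```python
"""Inventory VS Code-family extension folders and flag indicators from the
GlassWorm reporting: known-malicious extension IDs, name-lookalikes of a real
extension under a different publisher, and bundled native .node addons.

Added example. Folder locations and the sample data are assumptions.
"""
import json
import os
import tempfile
from pathlib import Path

# Extension IDs (publisher.name) named in the report.
KNOWN_MALICIOUS_IDS = {
    "specstudio.code-wakatime-activity-tracker",
    "floktokbok.autoimport",
}

# Legitimate extension whose name was copied; publisher taken from the report.
LEGIT_PUBLISHER_BY_NAME = {
    "autoimport": "steoates",
}

# Per-user extension folders of the editors named in the report. These are
# assumed default locations; adjust for non-default installs.
EXTENSION_ROOTS = [
    "~/.vscode/extensions",
    "~/.vscode-insiders/extensions",
    "~/.vscode-oss/extensions",   # VSCodium
    "~/.cursor/extensions",
    "~/.windsurf/extensions",
    "~/.positron/extensions",
]


def scan_extension_root(root):
    """Return a list of (extension_id, reason, path) findings under one root."""
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = ext_dir / "package.json"
        if not manifest.is_file():
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append(("?", "unreadable package.json", str(manifest)))
            continue
        # Extension IDs are compared case-insensitively, as the registries do.
        publisher = str(meta.get("publisher", "")).lower()
        name = str(meta.get("name", "")).lower()
        ext_id = f"{publisher}.{name}"
        if ext_id in KNOWN_MALICIOUS_IDS:
            findings.append((ext_id, "known malicious extension id", str(ext_dir)))
        legit = LEGIT_PUBLISHER_BY_NAME.get(name)
        if legit and publisher != legit:
            findings.append((ext_id, f"name matches {legit}.{name} under another publisher", str(ext_dir)))
        # Native addons load outside the JavaScript sandbox; worth a look even
        # though some legitimate extensions ship them too.
        native = sorted(p for p in ext_dir.rglob("*.node") if p.is_file())
        if native:
            names = ", ".join(p.name for p in native[:3])
            findings.append((ext_id, f"bundles {len(native)} native .node addon(s): {names}", str(ext_dir)))
    return findings


def scan_all(roots=EXTENSION_ROOTS):
    """Scan every configured extension root on this machine."""
    results = []
    for r in roots:
        results.extend(scan_extension_root(os.path.expanduser(r)))
    return results


def build_sample_tree(root):
    """Write a constructed extension layout (folders are publisher.name-version)
    so the scanner can be exercised offline. Versions here are made up."""
    root = Path(root)
    samples = {
        "specstudio.code-wakatime-activity-tracker-0.0.1": (
            {"publisher": "specstudio", "name": "code-wakatime-activity-tracker"},
            ["win.node", "mac.node"]),
        "floktokbok.autoimport-0.0.1": (
            {"publisher": "floktokbok", "name": "autoimport"}, []),
        "steoates.autoimport-0.0.1": (
            {"publisher": "steoates", "name": "autoimport"}, []),
    }
    for folder, (meta, native_files) in samples.items():
        ext_dir = root / folder
        ext_dir.mkdir(parents=True, exist_ok=True)
        (ext_dir / "package.json").write_text(json.dumps(meta), encoding="utf-8")
        for fname in native_files:
            (ext_dir / fname).write_bytes(b"placeholder")  # not a real addon
    return root


def demo():
    """Run the scanner against the constructed sample tree and return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_extension_root(tmp)


if __name__ == "__main__":
    print("-- constructed sample tree --")
    for ext_id, reason, path in demo():
        print(f"{ext_id}: {reason} ({path})")
    print("-- this machine --")
    for ext_id, reason, path in scan_all():
        print(f"{ext_id}: {reason} ({path})")
```

The `.node` check is a triage signal rather than a verdict: legitimate extensions ship native addons too, so a hit there means "inspect this one", while a hit on the known IDs or the publisher mismatch is the stronger indicator. Any machine that turns up either of the named IDs should be treated as compromised and have its tokens and credentials rotated, as both Aikido and The Hacker News advised.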

Shared from Scout - Be the smartest in the room.