GlassWorm: how to check if the IDE supply chain attack installed a Chrome infostealer
GlassWorm compromised 72+ Open VSX IDE extensions to deploy a Chrome infostealer stealing session cookies via Solana blockchain C2. Here's what to check.
Most browser extension attacks start in the Chrome Web Store. GlassWorm took a different route — it started in your code editor.
The GlassWorm campaign, which Malwarebytes first documented in March 2026 and Aikido Security analyzed in depth in April 2026, has evolved into a multi-stage supply chain attack that begins with a trojanized IDE extension and ends with a hidden Chrome infostealer silently exfiltrating your session cookies and keystrokes. The command-and-control infrastructure runs through Solana blockchain memos, making it nearly immune to the domain takedowns that disrupt most malware campaigns. If you've installed any IDE extensions from the Open VSX registry in the past three months — or if you work alongside developers who have — here's what you should check today.
What GlassWorm actually does
According to CSO Online, the GlassWorm campaign has compromised more than 72 extensions on Open VSX since January 31, 2026. The attackers disguised their malicious packages as trusted developer tools: ESLint, Prettier, Angular, Flutter, Python, Vue, WakaTime, and even AI coding assistant forks impersonating Claude Code and Codex.
The documented entry point is a package called specstudio.code-wakatime-activity-tracker — a convincing imitation of the popular WakaTime developer time-tracker. Once you install it, something unusual happens before any obviously malicious behavior begins. The extension loads a native binary compiled in Zig — a systems programming language designed to produce small, dependency-free executables that run entirely outside the JavaScript sandbox with full OS-level privileges. Aikido Security's April 2026 analysis confirmed that the macOS version was compiled with debug symbols still present, revealing a project path that traces back to a developer named "davidioasd." Windows gets a win.node file; macOS gets mac.node. Either way, this binary runs with the same privileges as anything else on your computer.
What the binary does next is the clever part. Rather than immediately exfiltrating data, it maps out every IDE installed on the machine that supports the VS Code extension format. Then it silently installs the malicious payload into all of them using each editor's own command-line installer. Malwarebytes confirmed the targeted editors include VS Code, VS Code Insiders, VSCodium, Cursor, Windsurf, and Positron — the AI-powered forks increasingly popular with developers who use coding assistants. One infected extension from Open VSX becomes six infections across every tool in your editor collection.
The final stage is a Chrome extension infostealer. It doesn't announce itself. According to Malwarebytes, it runs silently in the background logging keystrokes and extracting session cookies from your Chrome profile, then uploads that data to its operators. The C2 addresses aren't hosted on any traditional domain. They're embedded in transaction memos on the Solana blockchain — a technique borrowed from the "EtherHiding" family of blockchain-based malware infrastructure that has appeared in multiple 2026 campaigns. There's no domain to block, no IP to sinkhole, and no certificate authority that can revoke access.
One additional detail from Aikido Security's research: the dropper geofences Russian IP addresses and won't execute on machines resolving to Russian ISPs. That's a common signal in Eastern European threat actor campaigns designed to avoid prosecution under local law.
Why session cookie theft matters more than it sounds
Session cookies are the keys to your kingdom, and they're much more dangerous to lose than a password.
When you log into your bank, your email, or your corporate HR system, the server issues a session cookie that proves you're already authenticated. That cookie lives in your browser. An attacker who steals it doesn't need your password — they can replay it from anywhere in the world and access your account exactly as if they were sitting at your keyboard. Multi-factor authentication doesn't help once a session is already established. Password rotation doesn't help either, because the session token is separate from your password.
This means the GlassWorm Chrome infostealer doesn't need to crack anything. It just waits for you to log in — to GitHub, to AWS, to Google Cloud, to your company's expense system — and grabs the token that proves you're already there. For developers, this includes Chrome Web Store developer dashboard sessions, which would let an attacker push malicious updates to any extension you've published.
I want to be clear about the scope here: this isn't just a developer problem. If you work in an organization with an engineering team and share any browser-based tools with those developers — internal dashboards, CI/CD systems, shared project management software — the blast radius extends beyond individual machines. An infected developer's browser session can expose credentials for systems the entire team relies on.
The Solana angle: why your existing defenses probably won't catch this
Traditional endpoint security tools detect malware by watching for known bad domains, known bad IP addresses, or known malicious signatures in files. GlassWorm was built to defeat all three.
The Zig binary compiles to a clean native Node.js addon format, which looks nothing like traditional JavaScript malware. The Solana blockchain C2 means there's no domain to add to a blocklist — the blockchain is immutable and distributed, so the C2 channel remains operational regardless of what any security vendor or law enforcement agency does. Even if the entire malware analysis community flags the Solana wallet addresses used as C2 endpoints, the attackers can rotate to new addresses by publishing new blockchain memos, and the infected extension can simply read the new address on its next check-in.
This puts behavioral detection — watching for unusual extension activity — significantly ahead of signature-based detection for catching this class of threat. Which is exactly why auditing what your extensions are actually doing is worth your time.
How to check if you're affected
Step 1: Audit your Chrome extensions now. Go to chrome://extensions/ and look carefully at everything listed. The GlassWorm Chrome infostealer would appear as an extension you didn't deliberately install — likely a productivity tool, AI assistant, or developer utility you have no memory of adding. If anything looks unfamiliar, check it against catalog.extenshi.io to review its permission footprint. An extension requesting access to all sites plus cookie access with no clear reason for both is a red flag.
Step 2: Check for the known malicious extension identifiers. The two documented GlassWorm entry points are specstudio.code-wakatime-activity-tracker and floktokbok.autoimport. If either is currently installed in any of your IDEs, treat your machine as compromised and move immediately to credential rotation. Also worth checking: your VS Code, Cursor, Windsurf, or VSCodium extension directories for any .node files you don't recognize that were created in the past 90 days.
Step 3: Compare your IDE extension list against the official pages. GlassWorm succeeded because display names look legitimate but publisher identities don't match. If you use Open VSX (default in Cursor, Windsurf, and VSCodium since they don't have access to the official VS Code Marketplace), cross-check your installed extensions against the official publisher pages. The real WakaTime extension publisher is WakaTime, not specstudio. One character difference in a publisher ID means a completely different piece of software.
Step 4: Rotate credentials if you have any doubt. If you believe your machine may have been exposed — even indirectly — log out of all active sessions, generate new passwords for high-value services, and revoke and reissue any API tokens, OAuth credentials, or npm tokens stored in your browser profile or IDE. The session cookies already exfiltrated can't be invalidated without logging out, so session termination has to happen first.
Step 5: Run a permissions audit on your Chrome extensions. Cookie access plus access to all URLs in a browser extension that you didn't deliberately install is a strong signal of a credential-harvesting tool. The Extenshi extension scanner checks each installed extension against known permission patterns and security scores, which helps identify extensions that are pulling more access than their stated purpose requires.
The bigger pattern: IDE extensions as browser attack vectors
GlassWorm isn't an isolated incident. It's part of a broader shift in 2026 where developer tooling — IDEs, npm packages, CI/CD configurations — is being used as the initial entry point for campaigns that ultimately target browser sessions and credentials.
The Solana blockchain C2 technique has appeared independently in Remus, a Lumma Stealer successor documented by Gen Digital in April 2026. The IDE-to-browser attack chain has shown up in the GlassWorm family across multiple variants since January. What this tells me is that attackers are systematically working through the trust surfaces developers haven't locked down yet. Traditional Chrome Web Store scrutiny, imperfect as it is, puts at least some friction on browser extension distribution. Open VSX and other alternative registries have significantly less security review infrastructure.
If you're managing extensions across an organization, this is the argument for adding IDE extension governance to your browser extension policy — not as a separate concern, but as the same problem. The attack that delivers a Chrome infostealer may start three steps earlier in a different tool entirely.
How Extenshi fits in
Keeping track of what's actually installed in your browser — across everyone's browser in an organization — is harder than it sounds. Extensions update silently, get added by users without IT approval, and the Chrome Web Store doesn't notify you when an extension you installed turns malicious after an ownership change.
The Extenshi catalog tracks security scores, permission profiles, and known threat activity for browser extensions across Chrome, Firefox, and Edge. If you want to do a quick one-time check after reading about GlassWorm, start there — enter any extension name or Chrome extension ID to get its permission analysis and see whether anything unusual is present. For ongoing visibility, Extenshi's sync feature tracks all installed extensions across browsers and can flag when new extensions appear that you didn't expect.
This article is based on publicly available security research and news reporting. Extenshi does not independently verify all claims made by third-party researchers. References to specific companies or products reflect the findings of cited sources and do not constitute accusations of intentional wrongdoing. If you believe any information is inaccurate, please contact us at [email protected].
Related Articles
ShadyPanda: how to find browser extensions that turned malicious after you installed them
ShadyPanda ran 145 malicious extensions on Chrome and Edge for 6 years, from affiliate fraud to keylogging spyware with 4.3M installs. How to check yours.
Zero-permission malware droppers: how to check if any of your extensions can be weaponized
LayerX Labs showed any browser extension — even ones with no permissions — can silently modify your downloads to deliver malware. Here's how to stay safe.
Extension ownership transfers: how to protect yourself when your add-on changes hands
QuickLens was hijacked via ownership transfer to push ClickFix attacks and crypto-stealing malware. Here's how to check your extensions are still safe.