
GlassWorm Malware Evolves with Zig-Based Dropper to Target Developer Tools
Tags: Breaking News, Cyber Crime, Malware, Security, GlassWorm malware, Hacking, hacking news, information security news, IT Information Security, Pierluigi Paganini, Security Affairs, Security News
The GlassWorm malware campaign, active since 2025, has evolved to use a Zig-based dropper concealed within a fake IDE extension to infect developer tools and compromise systems. The campaign initially relied on malicious npm packages, then expanded into large-scale supply chain attacks across GitHub, npm, and VS Code, including the deployment of remote access trojans (RATs) via fake browser extensions. The latest iteration specifically leverages a Zig-based dropper to propagate its payload. No specific CVE IDs or additional technical indicators were mentioned in the reported details.