top of page
ALL POSTS
CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Developer Supply Chain
Key Findings CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet by simultaneously taking down four command-and-control servers that powered a sophisticated supply chain attack campaign The Russia-based threat group infected over 300 GitHub repositories and compromised hundreds of open-source packages across npm, Python, and VSCode extensions since early 2025 Glassworm deployed a multi-layered resilience strategy using the Solana blockchain, BitTorrent DHT,
May 273 min read
GlassWorm Campaign: Zig Dropper Targeting Developer IDEs
Key Findings GlassWorm campaign discovered using Zig-compiled dropper to infect multiple IDEs on developer machines Malicious VS Code extension "specstudio.code-wakatime-activity-tracker" masquerades as legitimate WakaTime tool Native binary executes outside JavaScript sandbox with full OS-level access to find and compromise all IDE installations Second-stage extension deploys information-stealing malware, avoids execution on Russian systems, and uses Solana blockchain for C2
Apr 112 min read
GlassWorm Malware Leverages Solana Blockchain for Command Delivery and Data Exfiltration
Key Findings GlassWorm campaign evolved to deliver multi-stage malware framework with data theft and remote access capabilities Operators use Solana blockchain transactions as dead drop resolvers to hide command-and-control infrastructure Malware includes hardware wallet phishing targeting Ledger and Trezor devices with fake recovery phrase prompts Chrome extension masquerading as "Google Docs Offline" steals browser data, cookies, and monitors cryptocurrency exchange session
Mar 253 min read
GlassWorm Campaign Exploits 72 VSX Extensions in Developer Supply-Chain Attack
Key Findings * GlassWorm campaign identified targeting developers through 72 malicious Open VSX extensions * Uses sophisticated supply-chain attack technique exploiting extension dependencies * Targets development environments to steal secrets and compromise systems * Employs advanced obfuscation and evasion techniques * Spans multiple platforms including Open VSX, GitHub, and npm registries Background The GlassWorm campaign represents an evolving threat in software supply ch
Mar 152 min read
bottom of page
