All Glassworm‑infected machines now beacon to the benign CrowdStrike‑operated IP address 164.92.88[.]210, a visible sign that the worm’s operators have been cut off, CrowdStrike said.
How CrowdStrike, Google and Shadowserver executed the disruption
CrowdStrike’s Counter Adversary Operations team, working with Google and the Shadowserver Foundation, hit every Glassworm command‑and‑control (C2) channel simultaneously at 1400 UTC on Tuesday, “severing the operators from their infected machines and their ability to deliver new malicious payloads,” the company wrote on its blog. Google Threat Intelligence Group chief analyst John Hultquist confirmed his company’s involvement in a social media post, saying: “As part of our disruption efforts, we are working with partners to bring more pain to attackers, especially when we see them abusing our products or targeting our users.” A Google spokesperson declined to provide additional details to The Register about Google’s role in the takedown.
Glassworm’s multi‑channel C2 architecture — and why it mattered
Glassworm deliberately used four distinct C2 channels to frustrate takedown attempts, according to the account published by CrowdStrike and reported by The Register. Those channels included: C2 server addresses encoded into the memo fields of Solana blockchain transactions; Google Calendar event titles used as dead‑drop locations for Base64‑encoded C2 paths; a decentralized BitTorrent Distributed Hash Table (DHT) holding configuration data keyed to hardcoded public keys; and conventional C2 servers hosted on commercial VPS providers. CrowdStrike wrote that disrupting all four channels “required precision and timing” because “taking down only one channel would have left the others operational, allowing the operators to quickly reconstitute.”
Infection vectors and the targeting of developers
First spotted by endpoint security shop Koi in October 2025, Glassworm was a self‑propagating, credential‑stealing worm that specifically targeted developers’ environments. It used invisible Unicode‑based code injection and a Node.js remote access tool dubbed GlasswormRAT. Its earliest targets included VS Code extensions on the OpenVSX marketplace; it later spread through npm and Python packages and, according to the reporting, poisoned more than 300 GitHub repositories using stolen credentials harvested in earlier infections. The worm ran on Windows, macOS and Linux systems, converting compromised developer machines into criminal proxy nodes and stealing credentials and other sensitive information.
What this means for developers, open‑source maintainers, and security teams
- Developers: The operation underscores a shift CrowdStrike highlighted: adversaries are “no longer just targeting products, they're targeting the developers who build them.” Developers who publish or consume packages and extensions — especially on OpenVSX, npm and Python package indexes — should assume their toolchains and accounts could be targeted and audited accordingly.
- Open‑source maintainers: More than 300 GitHub repositories were reportedly poisoned using credentials stolen by Glassworm. Remediation of poisoned repositories and compromised maintainer credentials will be a concrete task following the disruption of operator C2 access.
- Security teams and incident responders: CrowdStrike has routed beacons to 164.92.88[.]210 and is urging organizations to review network logs and endpoint telemetry for connections to that address as an indicator of infection. The multi‑channel C2 design shows defenders must consider resilient, layered takedown and containment plans rather than one‑off blocks.
Indicators, immediate steps and remaining questions
Operationally, CrowdStrike says all infected hosts now point to the CrowdStrike‑operated IP and recommends that organizations scan logs and telemetry for connections to 164.92.88[.]210 — a practical indicator tied directly to the disruption. The takedown severs operator control, but the reporting notes that Glassworm had already stolen credentials and poisoned hundreds of repositories; remediation of those artifacts and any downstream supply‑chain impacts remains an open, practical task for affected projects and organizations. The disruption also arrived amid parallel supply‑chain activity: Mini Shai‑Hulud and earlier Shai Hulud infections had already been observed ripping through open‑source code and npm packages, illustrating that self‑replicating worms abusing developer ecosystems continue to be an active threat.
For now, the technical feat is clear: coordinated action disabled the operators’ live control over Glassworm by cutting four different C2 channels at once. What follows is a longer, quieter work of clean‑up — restoring compromised repositories, rotating stolen credentials, and hardening developer tooling against the kinds of invisible code injection and decentralized C2 tricks Glassworm used.




