"Since at least early 2025, GlassWorm operators have systematically targeted software developers, a population with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries," CrowdStrike said.
Who disrupted the campaign and what they did
CrowdStrike, working in partnership with Google and the Shadowserver Foundation, announced a coordinated operation that simultaneously disrupted all command-and-control (C2) channels used by GlassWorm. The action neutralized four distinct resolution layers so that infected machines, CrowdStrike said, can no longer receive new instructions or payloads.
How GlassWorm reached developer workstations
Since its emergence last year, GlassWorm ran a multi-pronged campaign focused on the developer community. Operators trojanized Visual Studio Code extensions and published them to both the Microsoft VS Code Marketplace and Open VSX, enabling the campaign to reach users of VS Code forks such as Cursor, Positron, Windsurf, and VSCodium. The actors also introduced malicious code through compromised npm and Python packages.
The campaign’s stated objective was to deliver a data-theft framework capable of credential harvesting, cryptocurrency wallet exfiltration, and system profiling — a set of goals designed to turn a single compromised developer workstation into a platform for wider compromise.
Post-compromise capabilities: GlassWormRAT, browser theft, and covert infrastructure
Later iterations deployed a Websocket-based JavaScript RAT called GlassWormRAT that stole web browser data and executed arbitrary code. That payload has been observed installing a Google Chrome extension that collects sensitive data including screenshots, keystrokes, and clipboard content from the infected host.
Once active the malware searched hosts for developer credentials. "Once active, the malware searches the host for developer credentials (GitHub, NPM, OpenVSX tokens, crypto wallets), enabling further compromise of repositories and package uploads," Endor Labs researcher Kiran Raj said.
Infected machines were also converted into covert infrastructure: SOCKS proxies, hidden VNC (HVNC) servers, and remote execution nodes (via WebRTC or spawned Node.js processes). That mix provided anonymized network access into corporate and personal networks and a platform to propagate further.
Resilient C2 design: Solana, BitTorrent DHT, Google Calendar, and VPS
- Using the Solana blockchain as a dead-drop resolver by storing C2 server addresses in the memo fields of transactions;
- Querying the BitTorrent Distributed Hash Table (DHT) peer-to-peer network to retrieve configuration data;
- Employing Google Calendar as a dead drop, fetching the C2 server address from event titles;
- And directly connecting to C2 infrastructure hosted on commercial VPS providers.
CrowdStrike described the combination of blockchain, peer-to-peer, and legitimate web services as resolution layers "designed to be resilient against takedowns - a dynamic front protecting the actual C2 servers behind multiple layers of indirection." The takedown action targeted and neutralized all four channels simultaneously.
Scale, attribution, and the stakes for consumers of code
CrowdStrike said the malicious activity had poisoned more than 300 GitHub repositories using stolen developer credentials. Describing the GlassWorm operators as "well-resourced and persistent," the company attributed the activity to likely Russia-based cybercriminals, noting the malware terminates execution on systems located in Commonwealth of Independent States countries and contains Russian-language comments.
"The software supply chain remains one of the most consequential attack surfaces in modern computing," CrowdStrike concluded, warning that the low barrier to poisoning a package or extension paired with a large blast radius makes developer ecosystems a high-value target.
What this means for software developers, enterprises, and end users
- Software developers: the campaign underlines the need to safeguard developer environments, build pipelines, and code repositories; stolen developer credentials were the mechanism that allowed repository compromise and package uploads.
- Enterprises and downstream consumers of software: organizations that consume libraries, tools, and updates inherit risk from the people who produce them — CrowdStrike warned that under-protected developer environments can become weaponized delivery mechanisms.
- End users: because the operation targeted package registries, extensions, and repositories used broadly, compromised developer machines had the potential to affect thousands of downstream organizations and users through poisoned dependencies.
GlassWorm’s neutralization removed the attackers’ active channels for issuing new commands, but CrowdStrike’s description — that adversaries invested in resilient, multi-layered resolution mechanisms to maintain persistent access to developer ecosystems — leaves a clear point: defenders and maintainers of developer tooling and registries will need to reckon with threat actors' willingness to blend blockchain, peer-to-peer, and legitimate cloud services into their infrastructure.




