GlassWorm Botnet Taken Down After More Than a Year of Developer-Targeted Supply Chain Attacks
CrowdStrike, Google, and the Shadowserver Foundation simultaneously severed all four C2 channels of the GlassWorm botnet on May 26, ending a persistent campaign that had infiltrated npm, PyPI, VS Code extensions, and GitHub repositories since early 2025.
A coordinated takedown operation on May 26 disrupted the GlassWorm botnet, a developer-focused supply chain campaign that had been running for more than a year across npm, PyPI, the Open VSX marketplace, and GitHub. CrowdStrike's Counter Adversary Operations team, working with Google and the Shadowserver Foundation, struck all four command-and-control channels simultaneously at 14:00 UTC, severing the operators from infected machines and cutting off payload delivery.
The timing was deliberate. GlassWorm's C2 infrastructure was built specifically to survive piecemeal takedowns. The actual C2 servers ran on ordinary commercial VPS hosts, but an implant reached them only by working through three independent resolution layers: C2 addresses encoded in Solana blockchain transaction memos, configuration data published against hardcoded public keys on the BitTorrent DHT, and Base64-encoded paths dead-dropped into Google Calendar event titles. Each layer is resilient on its own. Blockchain transactions have no central authority that can seize them, the DHT has no registrar to compel, and Calendar events sit on a legitimate Google service that conventional network blocks cannot single out. Taking down any one layer, or the VPS hosts alone, would have left the operators able to point infected machines at fresh servers through whatever remained. Only a simultaneous strike on all four, the three resolution layers together with the servers they resolved to, could sever the connection.
How the Campaign Operated
GlassWorm first appeared in early 2025 as a set of malicious extensions on the Microsoft VS Code Marketplace and Open VSX. The initial wave infected roughly 35,800 developers before the packages were identified and removed. The operators retooled and expanded.
Subsequent waves introduced malicious code through trojanized npm packages in the React Native ecosystem, Python packages on PyPI, AI-related development tooling, and directly poisoned GitHub repositories. By the time of the takedown, more than 300 GitHub repositories had been compromised. A March 2026 campaign alone impacted more than 400 software artifacts.
The malware itself, GlasswormRAT, is a full-featured Node.js remote access tool. On a compromised machine it harvests credentials for npm, GitHub, and Git; drains cryptocurrency wallets held in browser extensions; deploys a SOCKS proxy and a hidden VNC server for persistent remote access; and hides its own code behind Unicode variation selectors, zero-width code points that standard editors render as nothing, so a line that looks like ordinary source can carry an invisible payload.
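The variation-selector trick is easy to detect once you know to look for it. The scanner below is an added example written for this article, not GlassWorm or CrowdStrike code: it locates runs of variation selectors (U+FE00..U+FE0F and the supplementary block U+E0100..U+E01EF) in source text, distinguishes a lone emoji presentation selector from a run no human typed, and strips the selectors so the visible code can be reviewed on its own. The `SAMPLE` text and its hidden run are constructed for the demonstration and encode nothing; the threshold in `is_suspicious` is an assumption.

```python
"""Flag Unicode variation selectors hidden in source text.

Added example for this article, not GlassWorm or CrowdStrike code. Variation
selectors (U+FE00..U+FE0F and the supplementary block U+E0100..U+E01EF) are
zero-width code points meant to pick a glyph variant; editors draw nothing for
them, so a long run can sit at the end of a normal-looking line unseen.
The SAMPLE below is constructed; its hidden run is arbitrary, not a real payload.
"""
import re
from pathlib import Path

VS_RE = re.compile("[\ufe00-\ufe0f\U000e0100-\U000e01ef]+")
SUPPLEMENTARY_VS_RE = re.compile("[\U000e0100-\U000e01ef]")


def scan_text(text: str):
    """Return (line_no, column, run_length, visible_prefix) for every run of
    variation selectors. Columns are code-point offsets within the line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in VS_RE.finditer(line):
            run = m.end() - m.start()
            findings.append((line_no, m.start(), run, line[:m.start()][-40:]))
    return findings


def is_suspicious(text: str, max_run: int = 3) -> bool:
    """A single U+FE0F after an emoji is ordinary; a run longer than max_run
    (assumed threshold), or any selector from the supplementary block, is not
    something a person types into a source file."""
    if SUPPLEMENTARY_VS_RE.search(text):
        return True
    return any(run > max_run for _, _, run, _ in scan_text(text))


def strip_selectors(text: str) -> str:
    """Remove every variation selector so the visible code can be reviewed
    (and diffed against what the editor showed) without the hidden characters."""
    return VS_RE.sub("", text)


def scan_file(path: Path):
    """Convenience wrapper for real use; returns the findings for one file."""
    return scan_text(path.read_text(encoding="utf-8", errors="replace"))


# Constructed sample: one legitimate emoji presentation selector on line 2 and
# a 24-code-point run from the supplementary block hidden at the end of line 3.
SAMPLE = (
    "const x = 1;\n"
    "const y = 'ok \u2705\ufe0f';\n"
    "module.exports = x;" + "".join(chr(0xE0100 + i) for i in range(24)) + "\n"
)

if __name__ == "__main__":
    for line_no, col, run, prefix in scan_text(SAMPLE):
        print(f"line {line_no} col {col}: {run} selector(s) after {prefix!r}")
    print("suspicious:", is_suspicious(SAMPLE))
```

Run it over a checkout with `scan_file` on each `.js`, `.ts` or `.py` file; a run from the supplementary block, or more than a handful of selectors in a row, is worth opening in a hex viewer rather than an editor.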
The operators also demonstrated persistence in their evasion: over the course of the campaign they ported the malware across three languages — JavaScript, Rust, and Zig — as detections caught up with each iteration.
Why Developers Are the Target
The campaign's focus on developers is not incidental. A developer workstation is a privileged position in the software supply chain. It typically holds SSH keys, cloud provider credentials, API tokens, signing certificates, and access to CI/CD pipelines. Compromising a single machine can produce downstream access to every repository the developer has ever touched — and by extension, to every organization consuming software built from those repositories.
GlassWorm made this explicit. Stolen credentials fed directly into repository poisoning operations: compromised GitHub tokens were used to inject malicious code into repositories the victim had write access to, which in turn became the source of further downstream infections.
Attribution and Status
CrowdStrike attributes GlassWorm to well-resourced, likely Russia-based cybercriminals. The use of blockchain and DHT for C2 persistence, the multi-language malware rewrite cadence, and the sustained operational tempo over more than a year are consistent with a professional criminal organization rather than an opportunistic actor.
The botnet's C2 infrastructure is down. Infected machines, however, remain compromised, and credentials already exfiltrated remain usable. Organizations that ship or consume open-source software should audit their developer environments for indicators of compromise, in particular recently installed VS Code and Open VSX extensions, npm packages with install-time scripts (preinstall, install, postinstall), and unexpected outbound connections to Solana RPC endpoints or BitTorrent DHT ports. The Calendar dead-drop layer blends into ordinary Google traffic and is not a useful network indicator on its own. Any npm, GitHub, cloud, or signing credential that was present on an affected machine should be treated as stolen and rotated.
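Two of those checks, install-time scripts in `node_modules` and recently installed extensions, are mechanical enough to script. The audit below is an added example, not CrowdStrike's tooling: it walks a `node_modules` tree for package roots whose `package.json` declares an npm lifecycle hook, and lists extension folders whose modification time falls inside a lookback window. The package names `clean-pkg` and `evil-pkg`, the extension folder `example.helper-1.2.3`, and the `~/.vscode/extensions` path are assumptions made for illustration; the fixture is constructed in a temporary directory so the script runs offline.

```python
"""Audit a developer workstation for two of the indicators the article names:
npm packages that declare install-time scripts, and VS Code / Open VSX
extensions installed recently.

Added example, not CrowdStrike's tooling. The package names, the extension
folder name and the default paths are assumptions made for illustration.
"""
import json
import tempfile
import time
from pathlib import Path

# npm runs these hooks automatically during `npm install`; a dropper that wants
# code execution at install time has to use one of them.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def _is_package_root(pkg_json: Path) -> bool:
    """True for node_modules/<name>/package.json or node_modules/@scope/<name>/package.json,
    so package.json files nested inside a package's own subfolders are ignored."""
    parent = pkg_json.parent
    if parent.parent.name == "node_modules":
        return True
    return parent.parent.name.startswith("@") and parent.parent.parent.name == "node_modules"


def find_install_scripts(node_modules: Path):
    """Map package name -> {hook: command} for every package root under
    node_modules whose package.json declares a lifecycle hook."""
    hits = {}
    for pkg_json in node_modules.rglob("package.json"):
        if not _is_package_root(pkg_json):
            continue
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or malformed: skip rather than abort the audit
        scripts = data.get("scripts") or {}
        hooked = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if hooked:
            hits[data.get("name", pkg_json.parent.name)] = hooked
    return hits


def recent_extensions(ext_dir: Path, days: int = 30):
    """Extension folders (publisher.name-version) modified within the window."""
    cutoff = time.time() - days * 86400
    return sorted(p.name for p in ext_dir.iterdir()
                  if p.is_dir() and p.stat().st_mtime >= cutoff)


def build_fixture(root: Path):
    """Constructed sample tree: one clean package, one with a postinstall hook,
    and one freshly installed extension (hypothetical names, not real artifacts)."""
    nm = root / "node_modules"
    (nm / "clean-pkg").mkdir(parents=True)
    (nm / "clean-pkg" / "package.json").write_text(json.dumps(
        {"name": "clean-pkg", "version": "1.0.0", "scripts": {"test": "jest"}}))
    (nm / "evil-pkg").mkdir()
    (nm / "evil-pkg" / "package.json").write_text(json.dumps(
        {"name": "evil-pkg", "version": "0.0.1",
         "scripts": {"postinstall": "node ./setup.js"}}))
    ext = root / "extensions"
    (ext / "example.helper-1.2.3").mkdir(parents=True)
    return nm, ext


def audit_fixture():
    """Build the constructed tree in a temp dir, audit it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        nm, ext = build_fixture(Path(tmp))
        return find_install_scripts(nm), recent_extensions(ext, days=7)


if __name__ == "__main__":
    scripts, exts = audit_fixture()
    for name, hooks in scripts.items():
        print(f"[install script] {name}: {hooks}")
    for name in exts:
        print(f"[recent extension] {name}")
    # Real run (assumed default locations):
    #   find_install_scripts(Path("node_modules"))
    #   recent_extensions(Path.home() / ".vscode" / "extensions", days=30)
```

A lifecycle hook is not proof of compromise (native modules legitimately build in `install`), but every hit is a package whose script you should read before the next `npm install` runs it again.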
CrowdStrike has published full indicators of compromise in their takedown writeup.