GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News
May 27, 2026
Ravie Lakshmanan, May 27, 2026 (Malware / Threat Intelligence)

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions.

“Since at least early 2025, GlassWorm operators have systematically targeted software developers, a population with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries,” CrowdStrike said.

The development comes as developers have increasingly become lucrative targets for software supply chain attacks, since a single compromised workstation can be leveraged to impact thousands of downstream organizations and users at once.

GlassWorm, since its emergence last year, has conducted a “multi-pronged campaign” using trojanized VS Code extensions published on both the Microsoft VS Code Marketplace and Open VSX, thereby making it possible to target users of VS Code forks like Cursor, Positron, Windsurf, and VSCodium.
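A defensive inventory check for this vector, added here as an example (it is not CrowdStrike's, Google's or the marketplaces' code): it walks the extension directories of VS Code and its forks, and flags any extension whose publisher is not on a local allowlist, whose folder name does not match its manifest, or that activates on every editor start. Only `~/.vscode/extensions` is a documented location; the fork paths and the example allowlist are assumptions to adjust for your installs.

```python
"""Audit installed VS Code (and fork) extensions against a publisher allowlist."""
import json
from pathlib import Path

# ~/.vscode/extensions is VS Code's default; the fork paths below are assumed
# defaults (VSCodium, Cursor, Windsurf, Positron) and may differ on your machine.
DEFAULT_ROOTS = ["~/.vscode/extensions", "~/.vscode-oss/extensions",
                 "~/.cursor/extensions", "~/.windsurf/extensions",
                 "~/.positron/extensions"]


def load_manifests(roots=DEFAULT_ROOTS):
    """Yield (folder_name, manifest_dict_or_None) for every extension folder found."""
    for root in roots:
        base = Path(root).expanduser()
        if not base.is_dir():
            continue
        for folder in base.iterdir():
            manifest = folder / "package.json"
            if not manifest.is_file():
                continue
            try:
                yield folder.name, json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                yield folder.name, None  # an unreadable manifest is itself a finding


def audit_extensions(manifests, allowlist):
    """Return (folder, reason) findings; `allowlist` holds trusted publisher ids."""
    findings = []
    allow = {p.lower() for p in allowlist}
    for folder, manifest in manifests:
        if not isinstance(manifest, dict):
            findings.append((folder, "unreadable or missing package.json"))
            continue
        publisher = str(manifest.get("publisher", "")).lower()
        name = str(manifest.get("name", "")).lower()
        if not publisher:
            findings.append((folder, "no publisher field"))
        elif publisher not in allow:
            findings.append((folder, f"publisher '{publisher}' not on allowlist"))
        # VS Code names extension folders '<publisher>.<name>-<version>'; a mismatch
        # means the folder did not come from a normal marketplace install.
        if publisher and name and not folder.lower().startswith(f"{publisher}.{name}-"):
            findings.append((folder, "folder name does not match publisher.name in manifest"))
        # A '*' activation event runs the extension's code on every editor start,
        # before any user interaction; few legitimate extensions need that.
        if "*" in manifest.get("activationEvents", []):
            findings.append((folder, "activates on every startup ('*')"))
    return findings


if __name__ == "__main__":
    for folder, reason in audit_extensions(load_manifests(), {"ms-python"}):  # example allowlist
        print(f"{folder}: {reason}")
```

Running it across all fork directories matters because, as the article notes, an extension published to Open VSX reaches every fork that consumes that registry, not only VS Code itself.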

The campaign is also known to have introduced malicious code through compromised npm and Python packages. The end goal of the attacks is to deliver a data-theft framework with credential harvesting, cryptocurrency wallet exfiltration, and system profiling capabilities.

Subsequent iterations of GlassWorm have been found to deploy a WebSocket-based JavaScript RAT called GlassWormRAT to steal web browser data and run arbitrary code, including installing a Google Chrome extension that, in turn, collects sensitive data such as screenshots, keystrokes, and clipboard content from the infected system.

“Once active, the malware searches the host for developer credentials (GitHub, NPM, OpenVSX tokens, crypto wallets), enabling further compromise of repositories and package uploads,” Endor Labs researcher Kiran Raj said.

“Infected hosts are converted into covert infrastructure: SOCKS proxies, hidden VNC (HVNC) servers, and remote execution nodes (via WebRTC or spawned Node.js processes). That gives attackers anonymized network access into corporate and personal networks and a platform to propagate further.”

Cumulatively, the malicious activity is said to have poisoned more than 300 GitHub repositories using stolen developer credentials. What made the operation notable was its use of four distinct C2 channels for improved resilience –

“The combination of blockchain, peer-to-peer, and legitimate web services as resolution layers was designed to be resilient against takedowns – a dynamic front protecting the actual C2 servers behind multiple layers of indirection,” CrowdStrike said.

As a result of the takedown, all four channels have been neutralized simultaneously in a coordinated effort so that infected machines can no longer receive new instructions or payloads.

Describing the GlassWorm operators as “well-resourced and persistent,” the cybersecurity company attributed the activity to likely Russia-based cybercriminals, given that the malware terminates execution on systems located in Commonwealth of Independent States (CIS) countries and contains Russian-language comments.

“The software supply chain remains one of the most consequential attack surfaces in modern computing,” CrowdStrike concluded. “Adversaries are turning an organization’s dependencies on tools, updates, and libraries into weaponized delivery mechanisms and force multipliers.”

“The barrier to poisoning a package or extension is low; the potential blast radius is enormous. As long as developer environments, build pipelines, and code repositories remain under-protected, every organization that consumes software inherits the risk of everyone who produces it. GlassWorm demonstrates that attackers know this and are investing in resilient infrastructure to maintain persistent access to developer ecosystems.”
