CrowdStrike takes down Glassworm developer botnet
Key insights
- Glassworm used stolen credentials to force-push malicious code into 300+ GitHub repos, targeting developer machines without exploiting zero-days.
- The botnet poisoned VSCode extensions on OpenVSX and injected postinstall hooks into npm and Python packages for silent malware execution.
- CrowdStrike attributes Glassworm to Russia-based operators; infected machines carrying GlasswormRAT still require remediation despite the C2 shutdown.
Why this matters
Developer toolchains are now a primary attack surface: Glassworm demonstrated that a single stolen credential set can cascade into hundreds of poisoned repos, compromised IDE extensions, and backdoored packages consumed by thousands of downstream projects. The postinstall hook vector is particularly dangerous for AI practitioners who routinely install Python packages in automated pipelines, where malware executes before any human review. With GlasswormRAT still resident on an unknown number of machines globally, security teams at AI labs and developer-focused SaaS companies face an active remediation problem that the C2 takedown itself did not solve.
Summary
CrowdStrike, Google, and Shadowserver cut all four C2 channels of the Glassworm botnet on May 26, severing Russia-based operators from infected developer machines worldwide.
Glassworm had been active since 2025, using stolen credentials to force-push malicious code into 300+ GitHub repos, trojanize VSCode extensions on OpenVSX, and inject postinstall hooks into npm and Python packages, so the malware executed automatically during routine dependency installs.
In short, CrowdStrike, Google, and Shadowserver dismantled a supply-chain campaign that targeted developers across repos, IDE extensions, and package ecosystems simultaneously.
- 300+ GitHub repos compromised via credential theft and force-pushes, not zero-days
- Postinstall hooks in npm and Python packages triggered silent malware execution on install
- GlasswormRAT persists on infected machines and requires independent cleanup after the takedown
The shutdown cuts operator access but leaves an unknown number of developer machines still backdoored.
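The force-push vector described above leaves a signature that a CI checkout or a maintainer's clone can catch on the next fetch: a rewritten branch is no longer a fast-forward of the tip you last saw. The following is an added example, not code from CrowdStrike, the original report, or any of the affected projects. It builds a throwaway bare remote with a constructed one-file package, pushes a benign commit, then amends and force-pushes it the way an attacker holding stolen push credentials would, and shows the check flagging only the second update. The identity and paths are hypothetical; it assumes a local `git` binary.

```python
"""Detect a rewritten (force-pushed) remote branch on fetch.

Added example; not code from CrowdStrike or the original report. The check
is the standard git fast-forward test: the previously fetched tip must be an
ancestor of the new tip, otherwise the branch history was rewritten.
"""
import os
import shutil
import subprocess
import tempfile


def git_available():
    """True when a git binary is on PATH (the demo needs one)."""
    return shutil.which("git") is not None


def git(*args, cwd, env=None):
    """Run one git command and return stripped stdout; raises on failure."""
    return subprocess.run(["git", *args], cwd=cwd, env=env, check=True,
                          capture_output=True, text=True).stdout.strip()


def fetch_and_check(clone, remote="origin", branch="main", env=None):
    """Fetch `remote` and report whether `remote/branch` was rewritten.

    Returns (rewritten, old_tip, new_tip). A normal update keeps old_tip as
    an ancestor of new_tip; a force-push breaks that property.
    """
    ref = f"{remote}/{branch}"
    old_tip = git("rev-parse", ref, cwd=clone, env=env)
    git("fetch", remote, cwd=clone, env=env)
    new_tip = git("rev-parse", ref, cwd=clone, env=env)
    if old_tip == new_tip:
        return False, old_tip, new_tip
    fast_forward = subprocess.run(
        ["git", "merge-base", "--is-ancestor", old_tip, new_tip],
        cwd=clone, env=env).returncode == 0
    return not fast_forward, old_tip, new_tip


def demo():
    """Push a benign commit, then force-push an amended one; return both flags.

    Expected result is (False, True): only the amended push is a rewrite.
    """
    work = tempfile.mkdtemp(prefix="forcepush-demo-")
    # Hypothetical identity; HOME is redirected so user git config cannot interfere.
    env = dict(os.environ, HOME=work, GIT_CONFIG_NOSYSTEM="1",
               GIT_AUTHOR_NAME="dev", GIT_AUTHOR_EMAIL="dev@example.invalid",
               GIT_COMMITTER_NAME="dev", GIT_COMMITTER_EMAIL="dev@example.invalid")
    remote = os.path.join(work, "remote.git")
    maintainer = os.path.join(work, "maintainer")
    ci = os.path.join(work, "ci-checkout")

    git("init", "--bare", remote, cwd=work, env=env)
    git("init", maintainer, cwd=work, env=env)
    git("checkout", "-b", "main", cwd=maintainer, env=env)
    with open(os.path.join(maintainer, "index.js"), "w") as f:
        f.write("module.exports = () => 'hello';\n")  # constructed package content
    git("add", ".", cwd=maintainer, env=env)
    git("commit", "-m", "initial", cwd=maintainer, env=env)
    git("remote", "add", "origin", remote, cwd=maintainer, env=env)
    git("push", "origin", "main", cwd=maintainer, env=env)

    git("clone", "-b", "main", remote, ci, cwd=work, env=env)

    # Benign update: a new commit on top of the existing history.
    with open(os.path.join(maintainer, "index.js"), "a") as f:
        f.write("// benign change\n")
    git("commit", "-am", "benign change", cwd=maintainer, env=env)
    git("push", "origin", "main", cwd=maintainer, env=env)
    benign, _, _ = fetch_and_check(ci, env=env)

    # Stolen-credential scenario: the tip is amended and force-pushed under
    # the same commit message, so the log looks unchanged at a glance.
    with open(os.path.join(maintainer, "index.js"), "a") as f:
        f.write("// constructed stand-in for injected code\n")
    git("commit", "-a", "--amend", "-m", "benign change", cwd=maintainer, env=env)
    git("push", "--force", "origin", "main", cwd=maintainer, env=env)
    rewritten, _, _ = fetch_and_check(ci, env=env)

    shutil.rmtree(work, ignore_errors=True)
    return benign, rewritten


if __name__ == "__main__":
    print(demo())
```

In a pipeline the old tip is whatever the previous build recorded (a stored SHA or the remote-tracking ref before `git fetch`); a rewrite should fail the build rather than silently check out the new tip, because a force-push that keeps the same commit message is exactly the case a human reviewer skims past.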
Potential risks and opportunities
Risks
- Developers who installed affected npm or Python packages before May 26 may have GlasswormRAT resident in CI/CD pipelines, creating persistent lateral movement risk inside their employers' infrastructure
- Open source maintainers whose repos were force-pushed face reputational and potential legal exposure if downstream consumers suffered breaches before the compromise was discovered
- npm and pip still execute install-time code by default (npm lifecycle scripts, and setup.py when a Python package is installed from a source distribution), so the postinstall vector remains open at the registry policy level for copycat campaigns within weeks of this takedown
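The install-script risk in the summary and in the last item above is something a team can audit directly: npm runs a dependency's `preinstall`, `install` and `postinstall` scripts from its `package.json` during `npm install`, so every installed package that declares one is code that ran, or will run, without review. The following is an added example and not tooling from CrowdStrike or the original report. It walks a `node_modules` tree, including nested dependencies, and returns every package that declares an install-time script. The package names, versions and commands in the sample tree are constructed for the demo and do not refer to real packages.

```python
"""List installed npm packages that declare install-time lifecycle scripts.

Added example, not from the original report. Walks node_modules (including
nested node_modules directories) and reports each package whose manifest
declares preinstall, install or postinstall, so the commands can be reviewed
or the packages rebuilt explicitly after an --ignore-scripts install.
"""
import json
import os
import tempfile

# Lifecycle scripts npm executes while installing a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def is_package_root(pkg_dir):
    """True for node_modules/<name> or node_modules/@scope/<name>."""
    parent = os.path.basename(os.path.dirname(pkg_dir))
    if parent == "node_modules":
        return True
    grandparent = os.path.basename(os.path.dirname(os.path.dirname(pkg_dir)))
    return parent.startswith("@") and grandparent == "node_modules"


def find_install_scripts(node_modules):
    """Return {package name: {hook: command}} for every installed package
    that declares an install-time script; packages without one are omitted."""
    flagged = {}
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files or not is_package_root(root):
            continue
        with open(os.path.join(root, "package.json"), encoding="utf-8") as f:
            try:
                manifest = json.load(f)
            except json.JSONDecodeError:
                continue  # malformed manifest: npm would not have run it either
        scripts = manifest.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            flagged[manifest.get("name", os.path.basename(root))] = hooks
    return flagged


def build_sample_tree():
    """Constructed node_modules tree for the demo; none of these are real packages."""
    base = tempfile.mkdtemp(prefix="nm-demo-")
    nm = os.path.join(base, "node_modules")
    manifests = {
        "clean-lib": {"name": "clean-lib", "version": "1.0.0",
                      "scripts": {"test": "node test.js"}},
        "quiet-helper": {"name": "quiet-helper", "version": "2.3.1",
                         "scripts": {"postinstall": "node ./lib/setup.js"}},
        "@scope/native-thing": {"name": "@scope/native-thing", "version": "0.4.0",
                                "scripts": {"install": "node-gyp rebuild"}},
        # Nested dependency: node_modules/clean-lib/node_modules/deep-dep
        "clean-lib/node_modules/deep-dep": {"name": "deep-dep", "version": "0.1.0",
                                             "scripts": {"preinstall": "sh ./pre.sh"}},
    }
    for rel, manifest in manifests.items():
        pkg_dir = os.path.join(nm, *rel.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as f:
            json.dump(manifest, f)
    return nm


if __name__ == "__main__":
    for name, hooks in find_install_scripts(build_sample_tree()).items():
        for hook, command in hooks.items():
            print(f"{name}: {hook} -> {command}")
```

The scan flags legitimate native modules too (`node-gyp rebuild` is a normal `install` script), so its output is a review list, not a verdict. The practical pattern is `npm ci --ignore-scripts` in CI, followed by an explicit `npm rebuild <package>` for the packages the list has been vetted against, so a newly injected hook in a routine update cannot run before anyone looks at it. The Python analogue is `pip install --only-binary=:all:`, which refuses source distributions and therefore never executes a package's setup.py, combined with `--require-hashes` so a substituted artifact fails to install.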
Opportunities
- Supply-chain security vendors (Chainguard, Socket.dev, Snyk) gain immediate budget conversations at enterprises whose developers may have installed compromised packages before May 26
- Credential hygiene and developer identity platforms (GitGuardian, GitHub Advanced Security, 1Password) have a direct pitch: Glassworm's entry point was stolen creds, making secrets scanning a board-level talking point
- OpenVSX and similar open extension registries now face pressure to implement signing and provenance requirements, opening a tooling and consulting opportunity for code-signing infrastructure vendors (Sigstore, Venafi)
What we don't know yet
- No public estimate of how many developer machines globally still carry GlasswormRAT after the May 26 C2 shutdown
- The specific stolen credentials used to gain write access to 300+ GitHub repos have not been publicly linked to any prior breach or credential leak
- Whether OpenVSX and npm/PyPI have completed removal of all affected extensions and packages as of late May 2026 remains unconfirmed in public reporting
Originally reported by crowdstrike.com
Original headline: CrowdStrike, Google, and Shadowserver Disrupt Glassworm Supply-Chain Botnet — 300+ GitHub Repos Compromised, VSCode and npm Ecosystem Poisoned Since 2025