crowdstrike.com via Reddit

CrowdStrike takes down Glassworm developer botnet

8 sources tracking this story
cybersecurity open source supply-chain-security developer-targeting botnet-takedown

Key insights

  • The four-channel C2 architecture was engineered so that losing any single channel would not end the operation; all four had to fall at once.
  • Malware included a runtime CIS locale check, a consistent marker of Russia-based operators avoiding prosecution in home jurisdictions.
  • C2 instructions encoded in immutable Solana blockchain transactions cannot be deleted by any authority, only made unreachable by disabling the client-side resolver.

Why this matters

Glassworm is the most technically sophisticated developer-targeting botnet publicly disclosed to date: four independent C2 channels spanning immutable blockchain, peer-to-peer DHT, and legitimate Google infrastructure forced CrowdStrike, Google, and Shadowserver to strike simultaneously rather than sequentially, because disabling any subset would have allowed the operator to reconstitute. Computer Weekly notes that no downstream supply chain breaches have been publicly attributed to Glassworm, which frames this as a preventative takedown of an operation already positioned inside 300+ repositories and an unknown count of developer endpoints. GlasswormRAT remains resident on an unquantified number of machines globally; C2 disruption severed command delivery but did not remediate infections. The operation proceeded without disclosed legal authority, extending a pattern in which private-sector coalitions take unilateral action against Russian-linked infrastructure that law enforcement cannot reach.

Summary

CrowdStrike, Google, and Shadowserver cut all four C2 channels of the Glassworm botnet on May 26, severing Russia-based operators from infected developer machines worldwide. Glassworm had been running since 2025, using stolen credentials to force-push malicious code into 300+ GitHub repos, trojanize VSCode extensions on OpenVSX, and inject postinstall hooks into npm and Python packages, so the malware executed automatically during routine dependency installs. In short, CrowdStrike, Google, and Shadowserver dismantled a supply-chain campaign that targeted developers across repos, IDE extensions, and package ecosystems simultaneously.

  • 300+ GitHub repos compromised via credential theft and force-pushes, not zero-days
  • Postinstall hooks in npm and Python packages triggered silent malware execution on install
  • GlasswormRAT persists on infected machines and requires independent cleanup after the takedown

The shutdown cuts operator access but leaves an unknown number of developer machines still backdoored.
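The postinstall mechanism described above is worth seeing from the defender's side. The script below is an added example, not code from the CrowdStrike report or from any of the outlets cited here; it inspects a package.json for the npm lifecycle scripts that run automatically during `npm install` and a setup.py for setuptools commands overridden through `cmdclass`, so a reviewer can look at those hooks before a package enters a build. Both sample manifests are constructed for this example; the hook and command names it checks are the standard npm and setuptools ones.

```python
"""Flag package lifecycle hooks that run code automatically at install time.

Added defensive example (not from the Glassworm coverage). npm runs the
preinstall/install/postinstall/prepare scripts in package.json during
`npm install`; a setup.py can register a custom `install` command through
`cmdclass`. Both run whatever the package author chose, silently, on install.
The sample manifests below are constructed for this example.
"""
import ast
import json

# npm lifecycle events that run without any action by the installing user.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# setuptools commands that execute during `pip install` of an sdist / editable install.
PY_INSTALL_COMMANDS = {"install", "develop", "build_py", "egg_info"}


def find_npm_install_hooks(package_json_text: str) -> dict:
    """Return {hook_name: command} for every npm lifecycle script that auto-runs on install."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts", {})
    if not isinstance(scripts, dict):
        return {}
    return {name: cmd for name, cmd in scripts.items() if name in NPM_INSTALL_HOOKS}


def _is_setup_call(node: ast.AST) -> bool:
    """True for `setup(...)` or `setuptools.setup(...)` calls."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    if isinstance(func, ast.Name):
        return func.id == "setup"
    return isinstance(func, ast.Attribute) and func.attr == "setup"


def find_setup_py_overrides(setup_py_text: str) -> set:
    """Return the install-time setuptools commands a setup.py overrides via cmdclass."""
    overridden = set()
    for node in ast.walk(ast.parse(setup_py_text)):
        if not _is_setup_call(node):
            continue
        for kw in node.keywords:
            # setup(..., cmdclass={"install": CustomInstall, ...})
            if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                for key in kw.value.keys:
                    if isinstance(key, ast.Constant) and key.value in PY_INSTALL_COMMANDS:
                        overridden.add(key.value)
    return overridden


def review_package(package_json_text: str = None, setup_py_text: str = None) -> list:
    """Collect human-readable findings for whichever manifests are supplied."""
    findings = []
    if package_json_text is not None:
        for hook, cmd in find_npm_install_hooks(package_json_text).items():
            findings.append(f"npm: '{hook}' runs on install: {cmd}")
    if setup_py_text is not None:
        for cmd in sorted(find_setup_py_overrides(setup_py_text)):
            findings.append(f"setup.py: overrides '{cmd}' command via cmdclass")
    return findings


# Constructed sample manifests (not real packages).
SAMPLE_PACKAGE_JSON = """{
  "name": "example-widget",
  "version": "1.0.0",
  "scripts": {
    "test": "jest",
    "postinstall": "node ./scripts/setup.js"
  }
}"""

SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install

class CustomInstall(install):
    def run(self):
        # anything placed here runs during `pip install` of the sdist
        install.run(self)

setup(name="example-widget", version="1.0.0", cmdclass={"install": CustomInstall})
'''

if __name__ == "__main__":
    for line in review_package(SAMPLE_PACKAGE_JSON, SAMPLE_SETUP_PY):
        print(line)
```

A CI gate that runs this check pairs naturally with the blunt mitigations: `ignore-scripts=true` in `.npmrc` stops npm lifecycle scripts from running during install, and `pip install --only-binary :all:` refuses sdists so setup.py never executes. Packages that genuinely need an install step then show up as explicit, reviewed exceptions instead of silent defaults.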

Potential risks and opportunities

Risks

  • Developers who installed affected npm or Python packages before May 26 may have GlasswormRAT resident in CI/CD pipelines, creating persistent lateral movement risk inside their employers' infrastructure
  • Open source maintainers whose repos were force-pushed face reputational and potential legal exposure if downstream consumers suffered breaches before the compromise was discovered
  • npm and PyPI postinstall hook abuse remains unaddressed at the registry policy level, leaving the same vector open for copycat campaigns within weeks of this takedown

Opportunities

  • Supply-chain security vendors (Chainguard, Socket.dev, Snyk) gain immediate budget conversations at enterprises whose developers may have installed compromised packages before May 26
  • Credential hygiene and developer identity platforms (GitGuardian, GitHub Advanced Security, 1Password) have a direct pitch: Glassworm's entry point was stolen creds, making secrets scanning a board-level talking point
  • OpenVSX and similar open extension registries now face pressure to implement signing and provenance requirements, opening a tooling and consulting opportunity for code-signing infrastructure vendors (Sigstore, Venafi)

What we don't know yet

  • No public estimate of how many developer machines globally still carry GlasswormRAT after the May 26 C2 shutdown
  • The specific stolen credentials used to gain write access to 300+ GitHub repos have not been publicly linked to any prior breach or credential leak
  • Whether OpenVSX and npm/PyPI have completed removal of all affected extensions and packages as of late May 2026 remains unconfirmed in public reporting

What others are reporting

Coverage cluster as of 24h after publish

  1. TechCrunch

    Raises the legal authority question directly: CrowdStrike declined to comment when asked, and situates Glassworm within a named wave of recent developer-targeting supply-chain operations.

    Compromising a single developer's workstation can cascade into a supply-chain compromise that impacts thousands of organizations.
  2. The Register

    Frames the four-channel C2 architecture as the operational centerpiece, explaining why simultaneous disruption was required and contextualizing Glassworm within broader developer supply-chain attacks.

    Adversaries are no longer just targeting products, they're targeting the developers who build them.
  3. Cybersecurity Dive

    Leads with the simultaneous four-channel disruption method and enumerates the three infection vectors: poisoned GitHub repos, malicious npm/PyPI packages, and trojanized VSCode extensions on OpenVSX.

    All four of the botnet's command-and-control channels were targeted simultaneously, effectively disconnecting them from infected computers.
  4. Computer Weekly

    Notes that no downstream supply chain incidents were attributed to Glassworm, framing the takedown as preventative, and critiques open-source ecosystem security controls as structurally weak.

    When threat actors operate from jurisdictions where law enforcement cooperation is limited or nonexistent, disruption becomes one of the most effective tools available.
  5. Security Affairs

    Highlights Unicode variation selectors as an evasion technique hiding malicious code inside editors, and frames blast radius as reaching every org that consumes software from a compromised developer.

    The combination of blockchain, peer-to-peer, and legitimate web services as resolution layers was designed to be resilient.
  6. TechRadar

    Frames Glassworm as a strategic turning point for the software industry, emphasizing the attacker shift from targeting end products to targeting the developers who build them.

    Adversaries are no longer just targeting products, they're targeting the developers who build them.
  7. Crypto Briefing

    Adds the cryptocurrency angle: Glassworm targeted wallet browser extensions for direct financial theft and used Solana's immutable ledger to store C2 instructions that survive takedown.

    The botnet maintained four separate command-and-control channels using the Solana blockchain, Google Calendar, BitTorrent DHT, and commercial VPS servers.
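Security Affairs' point about Unicode variation selectors hiding code inside editors maps to a check a reviewer can run over a repository. The scanner below is an added example, not from the original coverage or from CrowdStrike's research; it reports variation selectors and zero-width characters in source text and flags long runs of selectors, which have no rendering purpose inside code. The threshold of eight consecutive selectors and the two sample files are constructed for this example.

```python
"""Scan source text for Unicode characters that render invisibly in editors.

Added defensive example (not from the Glassworm coverage). Variation selectors
(U+FE00..U+FE0F and U+E0100..U+E01EF) and zero-width characters are legitimate
in emoji and some scripts, but a long run of them inside source code is never
needed for rendering and deserves a reviewer's attention. Samples are constructed.
"""
import unicodedata

VARIATION_SELECTOR_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))

# Zero-width / format characters that most editors do not draw.
ZERO_WIDTH = {0x00AD, 0x200B, 0x200C, 0x200D, 0x2060, 0x2061, 0x2062, 0x2063, 0x2064, 0xFEFF}


def is_variation_selector(ch: str) -> bool:
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in VARIATION_SELECTOR_RANGES)


def is_invisible(ch: str) -> bool:
    return is_variation_selector(ch) or ord(ch) in ZERO_WIDTH


def find_invisible(text: str) -> list:
    """Return (line, column, codepoint, unicode_name) for every invisible character."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                cp = ord(ch)
                findings.append((line_no, col, cp, unicodedata.name(ch, f"U+{cp:04X}")))
    return findings


def longest_selector_run(text: str) -> int:
    """Length of the longest run of consecutive variation selectors in the text."""
    best = current = 0
    for ch in text:
        if is_variation_selector(ch):
            current += 1
            best = max(best, current)
        else:
            current = 0
    return best


def scan_source(text: str, run_threshold: int = 8) -> dict:
    """Summarise a file: every invisible char, the longest selector run, and a verdict.

    A single selector after an emoji is normal; a run at or above `run_threshold`
    (a constructed cut-off for this example) is reported as suspicious.
    """
    findings = find_invisible(text)
    run = longest_selector_run(text)
    return {
        "invisible_count": len(findings),
        "longest_run": run,
        "suspicious": run >= run_threshold,
        "findings": findings,
    }


# Constructed sample: a 24-character run of variation selectors appended to line 2.
HIDDEN_RUN = "".join(chr(0xE0100 + (i % 16)) for i in range(24))
SAMPLE_SOURCE = (
    "const config = loadConfig();\n"
    "module.exports = config;" + HIDDEN_RUN + "\n"
    "function helper() { return 1; }\n"
)

# Constructed benign sample: one selector as part of an emoji in a comment.
BENIGN_SOURCE = "// status: \u2764\ufe0f all good\nconst ok = true;\n"

if __name__ == "__main__":
    for name, src in (("SAMPLE_SOURCE", SAMPLE_SOURCE), ("BENIGN_SOURCE", BENIGN_SOURCE)):
        result = scan_source(src)
        print(name, "suspicious" if result["suspicious"] else "clean",
              "invisible:", result["invisible_count"], "longest run:", result["longest_run"])
        for line, col, cp, uname in result["findings"][:3]:
            print(f"  line {line} col {col}: U+{cp:04X} {uname}")
```

Run it over a checkout as a pre-merge check and treat any file with a long selector run as needing a hex-level look; most editors will show nothing at the flagged column, which is exactly the point.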

Shared on Bluesky by 1 AI expert

  • Eileen Clancy 🧿 @clancyny.bsky.social amplified

    @campuscodi.risky.biz

    Google, CrowdStrike, and Shadowserver take down the Glassworm C&C servers www.crowdstrike.com/en-us/blog/i...
