
Glassworm is a self-propagating, credential-stealing worm that targeted developers and spread through poisoned software packages starting in early 2025. CrowdStrike, with partners including Google and the Shadowserver Foundation, took down the botnet by simultaneously severing all four command-and-control channels. The disruption disconnected operators from infected machines and prevented delivery of new malicious payloads. Google confirmed that it took part in disruption efforts aimed at reducing attackers' capability when they abuse its products or target its users. The takedown follows similar supply-chain activity involving another self-replicating worm, Mini Shai-Hulud, which compromises open source code and poisons GitHub and npm packages. Glassworm used Unicode-based code injection, blockchain-based command-and-control infrastructure, and Google Calendar as a backup server to convert infected developer machines into proxy nodes.
"CrowdStrike, working with Google and the Shadowserver Foundation, said it has taken down the Glassworm botnet, a self-propagating, credential-stealing worm that has targeted developers and spread through poisoned software packages since early 2025."
"The endpoint security giant's Counter Adversary Operations team and partners hit all four Glassworm command-and-control channels simultaneously at 1400 UTC on Tuesday, 'severing the operators from their infected machines and their ability to deliver new malicious payloads,' according to CrowdStrike's blog."
"'As part of our disruption efforts, we are working with partners to bring more pain to attackers, especially when we see them abusing our products or targeting our users,' Hultquist wrote."
"First spotted by endpoint security shop Koi in October 2025, Glassworm used invisible Unicode-based code injection, blockchain-based C2 infrastructure, and Google Calendar as a backup command server to turn infected developers' machines into criminal proxy nodes."
#cybercrime #supply-chain-attacks #botnets #developer-targeted-malware #command-and-control-disruption
Read at theregister