
Glassworm botnet infected open source projects, prompting global takedown

Glassworm slipped through open-source tools, then moved from developer workstations into wider networks until a coordinated takedown cut off its four hidden command channels.

Lisa Park

Glassworm turned trusted open-source software into a delivery system for theft and intrusion, using malicious VS Code extensions and compromised npm and Python packages to reach the developers who maintain modern software stacks. CrowdStrike said the campaign had been aimed at software developers since at least early 2025, exploiting their access to source code repositories, cloud platforms, CI/CD pipelines, and package registries.

The operation poisoned more than 300 GitHub repositories, widening the blast radius far beyond a single compromised account. Once inside, the malware harvested credentials such as GitHub, npm, and Open VSX tokens, then used the stolen access to move further through development environments. Researchers said infected systems could be repurposed as SOCKS proxies, hidden VNC servers, and remote execution nodes, giving the operators covert infrastructure they could use to mask further activity.


The botnet’s reach depended on four separate command-and-control channels: commercial VPS servers, the Solana blockchain, the BitTorrent DHT network, and Google Calendar event titles. CrowdStrike said a coordinated takedown on May 26, 2026, at 14:00 UTC, carried out with Google and the Shadowserver Foundation, simultaneously disrupted all four channels and cut off the operators’ ability to reach infected machines or push new payloads. That matters because supply-chain attacks do not stop at the first victim; once a developer workstation is compromised, the resulting code, packages, and credentials can spread into corporate and government systems downstream.

The case lands in the middle of a broader escalation in software supply-chain attacks, where one infected repository can cascade into many organizations at once. CrowdStrike’s 2026 Global Threat Report said AI-enabled attacks surged 89% and average eCrime breakout time fell to 29 minutes, underscoring how quickly an intrusion can move once an attacker gets a foothold. Google has separately shown a growing appetite for disruptive action against botnets, including legal and technical moves against BadBox 2.0, which compromised more than 10 million uncertified Android devices, and Glupteba.

For software teams, vendors, and downstream users, the immediate audit points are clear: developer accounts, repository access, package integrity, CI/CD permissions, cloud tokens, and any system that handled VS Code extensions or npm and Python dependencies during the campaign window. Glassworm showed how quietly a volunteer code repository can become a bridge into enterprise infrastructure, and how fast that bridge can be cut when defenders move together.
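One of the audit points above, package integrity, can be checked mechanically for npm projects: a `package-lock.json` pins each dependency to a `resolved` URL and an SRI `integrity` digest, so a dependency that was swapped for a tarball from an unexpected host, re-resolved to a git URL, or left without a digest stands out. The script below is an added example written for this article; it is not code from CrowdStrike, Google, Shadowserver, or the Glassworm campaign, and it encodes no Glassworm indicators. The lockfile, the package names, the registry allowlist, and the tarball bytes are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlparse

# SRI-style value as stored in package-lock.json: "<algo>-<base64 digest>".
INTEGRITY_RE = re.compile(r"^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$")

# Hosts a dependency may legitimately be fetched from. Assumed allowlist;
# an organisation with an internal mirror would add it here.
DEFAULT_ALLOWED_HOSTS = frozenset({"registry.npmjs.org"})


def compute_sri(data: bytes, algo: str = "sha512") -> str:
    """Return the SRI string for a tarball's bytes, in the form npm writes to the lockfile."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_artifact(data: bytes, integrity: str) -> bool:
    """True only when the fetched bytes match the integrity value pinned in the lockfile."""
    if not INTEGRITY_RE.match(integrity):
        return False
    algo = integrity.split("-", 1)[0]
    return hmac.compare_digest(compute_sri(data, algo), integrity)


def audit_lockfile(lock: dict, allowed_hosts=DEFAULT_ALLOWED_HOSTS) -> list:
    """Flag dependencies whose pinned source or integrity metadata looks unpinned or redirected.

    Returns (package name, issue, detail) tuples for lockfileVersion 2/3 layouts.
    """
    findings = []
    for path, pkg in lock.get("packages", {}).items():
        if path == "":          # root project entry, not a dependency
            continue
        if pkg.get("link"):     # workspace symlink; nothing is fetched from a registry
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = pkg.get("resolved", "")
        integrity = pkg.get("integrity", "")
        url = urlparse(resolved)
        if url.scheme != "https":
            findings.append((name, "non-https or git resolution", resolved))
        elif url.hostname not in allowed_hosts:
            findings.append((name, "unexpected registry host", url.hostname))
        if not INTEGRITY_RE.match(integrity):
            findings.append((name, "missing or malformed integrity", integrity))
    return findings


# Constructed sample lockfile; the packages, hosts and tarball bytes are made up.
GOOD_TARBALL = b"\x1f\x8b constructed tarball bytes for demo-util"
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/demo-util": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/demo-util/-/demo-util-1.3.0.tgz",
            "integrity": compute_sri(GOOD_TARBALL),
        },
        "node_modules/helper-lib": {
            "version": "2.0.1",
            "resolved": "https://mirror.example.net/helper-lib/-/helper-lib-2.0.1.tgz",
            "integrity": compute_sri(b"constructed helper-lib tarball"),
        },
        "node_modules/build-tool": {
            "version": "0.9.0",
            "resolved": "git+ssh://git@example.org/build-tool.git#abc123",
        },
    },
}

if __name__ == "__main__":
    for name, issue, detail in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}: {issue} ({detail!r})")
    pinned = SAMPLE_LOCK["packages"]["node_modules/demo-util"]["integrity"]
    print("demo-util tarball matches lockfile:", verify_artifact(GOOD_TARBALL, pinned))
```

Run against a real project's `package-lock.json` (load it with `json.load`), the audit surfaces the same three classes of drift the sample triggers: a dependency re-pointed at a host outside the allowlist, one resolved from a git URL instead of a registry tarball, and one with no integrity digest at all. `verify_artifact` is the check `npm ci` performs on download; doing it independently against a cached tarball is how you confirm that what is on disk still matches what was committed, which is the question a stolen-token incident forces you to answer.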

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
