
CrowdStrike takes down Glassworm botnet

CrowdStrike, in collaboration with Google and the Shadowserver Foundation, has dismantled an international botnet that specifically targeted software developers and open-source software supply chains. The network, which operated under the name Glassworm, used compromised software extensions, manipulated software packages, and stolen developer accounts to gain access to development environments and CI/CD pipelines.

According to CrowdStrike, the operation marks a shift in the threat landscape. Attackers are increasingly targeting developers themselves, as compromising a single development environment can affect thousands of downstream users and organizations.

The campaign is believed to have been active since early 2025. Among other tactics, Glassworm distributed malicious extensions via the OpenVSX marketplace, disguised as popular developer tools. The extensions worked not only with Visual Studio Code but also with derivative development environments such as Cursor, Windsurf, Positron, and VSCodium.

In addition, infected npm and Python packages were deployed. Malicious code was automatically executed during regular dependency installations. CrowdStrike further states that more than three hundred GitHub repositories were modified after developer accounts had previously been compromised.
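Code that runs "automatically during regular dependency installations" is, in the npm ecosystem, code wired into install-time lifecycle hooks. The check below is an added example (not code from CrowdStrike, the article, or npm itself) that parses a `package.json`, lists the hooks npm executes on its own during `npm install`, and grades each by a small indicator list. The two manifests and the indicator list are constructed for the illustration and are assumptions, not data from the campaign.

```python
from __future__ import annotations

import json

# Hooks npm runs on its own during `npm install`, i.e. before the developer has
# deliberately executed anything from the package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed indicator list for this example; tune it to your own environment.
RISKY_TOKENS = ("curl ", "wget ", "node -e", "eval(", "base64", "powershell", "| sh", "| bash")


def audit_install_hooks(package_json: str) -> list[dict]:
    """Return one finding per install-time hook present in the manifest."""
    manifest = json.loads(package_json)
    scripts = manifest.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if not isinstance(command, str):
            continue
        indicators = [t for t in RISKY_TOKENS if t in command]
        findings.append({
            "package": manifest.get("name", "<unnamed>"),
            "hook": hook,
            "command": command,
            "indicators": indicators,
            # Any install hook deserves a look; a hook with indicators deserves a block.
            "severity": "high" if indicators else "review",
        })
    return findings


def worst_severity(findings: list[dict]) -> str:
    """Collapse a finding list into one verdict for a policy gate."""
    if any(f["severity"] == "high" for f in findings):
        return "high"
    return "review" if findings else "none"


# Constructed manifests: a dependency that only builds on demand, and one that
# decodes and runs something the moment it is installed.
CLEAN_MANIFEST = json.dumps({
    "name": "example-clean",
    "version": "1.0.0",
    "scripts": {"build": "tsc -p .", "test": "node test.js"},
})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "example-suspicious",
    "version": "1.0.0",
    "scripts": {
        "build": "tsc -p .",
        "postinstall": "node -e \"eval(Buffer.from(process.env.P||'', 'base64').toString())\"",
    },
})


if __name__ == "__main__":
    for manifest in (CLEAN_MANIFEST, SUSPICIOUS_MANIFEST):
        findings = audit_install_hooks(manifest)
        print(json.loads(manifest)["name"], "->", worst_severity(findings))
        for f in findings:
            print(f"  {f['hook']}: {f['command']}  indicators={f['indicators']}")
```

npm can also be told not to run these hooks at all (`npm install --ignore-scripts`, or `npm config set ignore-scripts true`); the audit above is for deciding which packages need that treatment or a manual review before they reach a CI runner.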

The malware ran on Windows, macOS, and Linux systems and included functionality for credential harvesting, data theft, and remote access. A key component of the operation was GlasswormRAT, a Node.js-based remote-access tool that allowed systems to be controlled remotely.

According to CrowdStrike, infected developer machines were also used as proxy nodes for criminal activities. The attackers used techniques such as hidden Unicode code injections to make malicious code less visible to developers and security software.
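The hidden-Unicode technique described above is something a repository or extension-marketplace pipeline can screen for before code is published or installed. The scanner below is an added example (not code from CrowdStrike, Google, or the article) that flags runs of format characters, variation selectors, and filler code points in source text while leaving legitimate non-ASCII text alone; the code-point inventory and the sample extension snippet are constructed for the illustration, not taken from the campaign.

```python
from __future__ import annotations

import sys
import unicodedata
from dataclasses import dataclass

# Code points that render as blank in most editors without being whitespace.
# Assumption: this inventory is illustrative, not the exact set any campaign used.
INVISIBLE_RANGES = (
    (0xFE00, 0xFE10),    # Variation Selectors VS1..VS16
    (0xE0100, 0xE01F0),  # Variation Selectors Supplement VS17..VS256
    (0xE0000, 0xE0080),  # Tags block (deprecated language tags)
)
INVISIBLE_SINGLES = frozenset({
    0x115F, 0x1160,  # Hangul Choseong / Jungseong filler
    0x3164,          # Hangul filler
    0xFFA0,          # Halfwidth Hangul filler
})


def is_suspicious(ch: str) -> bool:
    """True for code points that are invisible yet carry data or alter rendering."""
    if ch in "\t\n\r":
        return False
    if unicodedata.category(ch) == "Cf":  # zero-width chars, bidi overrides, soft hyphen
        return True
    cp = ord(ch)
    return cp in INVISIBLE_SINGLES or any(lo <= cp < hi for lo, hi in INVISIBLE_RANGES)


@dataclass
class Finding:
    line: int
    col: int            # 1-based column of the first suspicious code point
    length: int         # consecutive suspicious code points (payloads come in runs)
    first_codepoint: str
    name: str


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per run of suspicious code points, per line."""
    # A UTF-8 BOM at offset 0 is an ordinary editor artefact, not an injection.
    if text.startswith("\ufeff"):
        text = text[1:]
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_suspicious(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_suspicious(line[col]):
                col += 1
            ch = line[start]
            findings.append(Finding(lineno, start + 1, col - start,
                                    f"U+{ord(ch):04X}",
                                    unicodedata.name(ch, "<unnamed>")))
    return findings


def scan_file(path: str) -> list[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_source(fh.read())


# Constructed sample mimicking an extension source file: a benign BOM, legitimate
# non-ASCII text, then three planted anomalies on lines 4, 5 and 6.
SAMPLE_EXTENSION_JS = (
    "\ufeff"
    "// activate the extension\n"
    "const größe = 3; // legitimate non-ASCII, must not be flagged\n"
    "const label = '😀 ok';\n"
    "const cfg = '';\U000E0101\U000E0102\U000E0103\U000E0104\n"
    "const note = 'safe\u202eevil';\n"
    "const\u3164x = 1;\n"
)


if __name__ == "__main__":
    results = scan_source(SAMPLE_EXTENSION_JS) if len(sys.argv) < 2 else scan_file(sys.argv[1])
    for f in results:
        print(f"line {f.line} col {f.col}: {f.length} x {f.first_codepoint} ({f.name})")
    sys.exit(1 if results else 0)
```

Run with a file path to scan that file, or without arguments to scan the embedded sample; the non-zero exit status lets it act as a pre-commit or CI gate. Runs are reported rather than individual characters because a smuggled payload shows up as a long sequence of selectors, whereas a single stray zero-width space is usually a copy-paste accident.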

Trend of supply chain attacks

The dismantling of Glassworm comes at a time when attacks via software supply chains are surging, reports The Register. Attackers are increasingly targeting development environments, open-source repositories, and package ecosystems such as npm and PyPI.

What stood out most about Glassworm was the infrastructure behind the botnet. The operators used multiple command-and-control channels simultaneously to make disruption more difficult.

For example, addresses of command-and-control servers were hidden in memo fields of transactions on the Solana blockchain. Additionally, the malware used BitTorrent’s distributed hash table to retrieve configuration data. Google Calendar was also exploited: event titles served as storage locations for Base64-encoded paths to command-and-control servers.

In addition to these indirect methods, Glassworm also ran on traditional VPS infrastructure to deliver malware payloads.

According to CrowdStrike, a coordinated operation was necessary to take down the network. Simply taking individual components offline would have been insufficient, as other communication channels would have remained active. Therefore, all four command-and-control routes were addressed simultaneously.

Google confirmed its involvement through John Hultquist of the Google Threat Intelligence Group. According to him, the company is working with partners to hit attackers harder when they abuse Google services or attack users of the platform.

Suspected Russian origin

CrowdStrike suspects that the operators behind Glassworm are from Russia, though the company says it has no conclusive evidence to support this. Among other things, the malware checked the language settings, time zone, and regional configuration of systems and terminated itself when a system was located in a CIS country. Such checks are more commonly used by cybercriminals from Russia and surrounding regions to evade local authorities.

In addition, CrowdStrike found Russian-language comments in the source code. The company does note, however, that such clues can also be misleading or may originate from AI tools.

According to CrowdStrike, Glassworm underscores just how vulnerable modern software supply chains still are. Attackers can reach large numbers of developers in a short time through ecosystems like npm, PyPI, and OpenVSX. According to the company, retrospective detection is often insufficient, as malicious packages have already spread before security software raises the alarm.