Glassworm was a global malware operation that targeted software developers through the open-source ecosystem. According to CrowdStrike, the campaign spread through poisoned VSCode extensions, malicious software packages, and compromised GitHub repositories.
Once installed, the malware stole credentials and gave attackers persistent access to developer environments tied to internal systems and software distribution workflows.
On May 26, 2026, CrowdStrike said it worked with Google and the Shadowserver Foundation to disrupt all four of Glassworm’s command-and-control channels at the same time. The company said the operation prevented infected systems from receiving new instructions or malware payloads.
The report also offered a rare look at how modern malware campaigns are using decentralized infrastructure and public internet services to make disruption efforts more difficult.
Why It Matters: Glassworm shows how attacks on developer tools and open-source ecosystems can create direct exposure for production systems and software distribution pipelines. By compromising trusted development workflows, attackers can gain access that extends well beyond a single infected machine into the environments organizations depend on to build and ship software.
- The Campaign Hid Inside Normal Development Workflows: Operators published malicious VSCode extensions through the OpenVSX marketplace and disguised them as standard productivity tools. The malware also spread through compromised npm and Python packages that executed code during dependency installation, before a developer ever imported them. According to the report, the campaign affected VSCode along with Cursor, Positron, Windsurf, and VSCodium, editors that share the OpenVSX extension registry and therefore the same poisoned supply. By embedding malicious code into familiar tools and update processes, the operators reduced the chances that developers would immediately notice suspicious activity.
- Developer Credentials Gave Attackers Access to Trusted Repositories: CrowdStrike reported that attackers poisoned more than 300 GitHub repositories using credentials harvested from earlier infections. Malicious code was force-pushed into default branches, allowing compromised repositories to distribute harmful code through ordinary development activity. Developer systems are especially valuable because they often contain repository access, deployment permissions, signing keys, cloud credentials, and package publishing rights connected to production environments.
- Malware Combined Credential Theft With Long-Term Remote Access: Glassworm affected Windows, macOS, and Linux systems and included tools for credential theft and remote access. The report identified a Node.js-based remote access tool called GlasswormRAT as part of the campaign. Once attackers gained access to a developer workstation, they could potentially move into internal repositories and cloud management environments connected to that machine.
- Infrastructure Was Designed to Survive Disruption Attempts: Glassworm relied on several communication layers operating at the same time. The malware retrieved command-and-control information through Solana blockchain memo fields, BitTorrent Distributed Hash Table lookups, Google Calendar event titles containing encoded paths, and VPS-hosted servers used for payload delivery. This setup reduced reliance on any single provider or server and made partial takedowns less effective. The report stated that disabling one communication channel alone would likely have allowed operators to continue operating through the remaining infrastructure.
- Package Ecosystem Abuse Is Outpacing Current Defenses: CrowdStrike warned that malicious packages can spread through dependency updates within seconds while defenders often identify infections only after credentials or systems are compromised. The report noted that ecosystems such as npm, PyPI, OpenVSX, and GitHub contain millions of packages with uneven security controls and extensive downstream reach. To support remediation efforts, the company released YARA detection rules and shared the sinkhole IP address 164.92.88[.]210, which infected systems now contact following the disruption operation.
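The install-time execution described above is what makes package poisoning fast: npm runs a package's `preinstall`, `install`, `postinstall` and `prepare` lifecycle scripts during `npm install`, so a dropper never needs to be imported. The following is an added example (not CrowdStrike's tooling or anything from the report) that walks a `node_modules` tree, lists every install-time hook, and flags commands that look like they fetch or decode a payload. The sample tree it builds, including the package name `hypothetical-dropper`, is constructed data for the demonstration; the regex is a heuristic, not a Glassworm signature.

```python
"""Audit an npm dependency tree for packages that execute code at install time.

Walks node_modules, reads each package.json, and reports every lifecycle hook
that runs during installation, flagging commands that look like droppers.
"""
import json
import os
import re
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic only (assumption, not a published indicator): shapes commonly used
# to pull or decode a second stage from an install script.
SUSPICIOUS = re.compile(
    r"curl|wget|node\s+-e|eval\(|base64|Buffer\.from|child_process|powershell|/dev/tcp",
    re.IGNORECASE,
)


def find_install_hooks(root):
    """Return (package name, hook, command, suspicious) for every install-time hook under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it rather than abort the audit
        scripts = manifest.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if cmd:
                findings.append(
                    (manifest.get("name", dirpath), hook, cmd, bool(SUSPICIOUS.search(cmd)))
                )
    return findings


def build_sample_tree():
    """Create a constructed node_modules tree; these are sample manifests, not real packages."""
    root = tempfile.mkdtemp(prefix="npm-audit-")
    samples = {
        # plain library, no scripts
        "left-pad-like": {"name": "left-pad-like", "version": "1.0.0"},
        # legitimate native build step: reported, but not flagged
        "native-build": {"name": "native-build", "version": "2.1.0",
                         "scripts": {"install": "node-gyp rebuild"}},
        # hypothetical dropper shape: decode-and-eval in postinstall
        "hypothetical-dropper": {"name": "hypothetical-dropper", "version": "0.0.3",
                                 "scripts": {"postinstall":
                                             "node -e \"eval(Buffer.from(process.env.P,'base64').toString())\""}},
    }
    for name, manifest in samples.items():
        pkg_dir = os.path.join(root, "node_modules", name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for name, hook, cmd, suspicious in find_install_hooks(build_sample_tree()):
        print(f"{'!!' if suspicious else '  '} {name:22} {hook:12} {cmd}")
```

Point it at a real checkout's `node_modules` instead of the sample tree and review every hit, not only the flagged ones: a legitimate `node-gyp rebuild` and a one-line dropper are both arbitrary code with the developer's credentials. The preventive control is to stop the hooks from running at all, for example `npm ci --ignore-scripts` in CI (then rebuilding the few native packages that genuinely need it), and on the Python side `pip install --only-binary :all:` so a poisoned `setup.py` is never executed.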
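Because infected systems now beacon to the published sinkhole, a sweep of outbound connection logs for 164.92.88[.]210 is the quickest way to enumerate infected developer machines. The block below is an added example, not part of the report or CrowdStrike's published material: it refangs the indicator as printed, parses a constructed firewall-style log (the line format, the internal addresses, and the benign destinations from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges are all assumptions), and returns each source host that contacted the sinkhole, counting denied connections as well, since a blocked beacon still identifies an infected host.

```python
"""Sweep connection logs for hosts contacting the Glassworm sinkhole."""
import ipaddress
import re
from collections import defaultdict

SINKHOLE_DEFANGED = "164.92.88[.]210"  # indicator exactly as published in the report


def refang(ioc):
    """Turn a defanged indicator (164.92.88[.]210) back into a real address and validate it."""
    value = ioc.replace("[.]", ".").replace("(.)", ".")
    ipaddress.ip_address(value)  # raises ValueError if the result is not a valid IP
    return value


# Constructed sample log (assumed format): "<ts> <src>:<sport> -> <dst>:<dport> <proto> <action>"
CONN_LOG = """\
2026-05-27T08:01:12Z 10.20.4.17:51822 -> 203.0.113.5:443 tcp allow
2026-05-27T08:01:15Z 10.20.4.17:51830 -> 164.92.88.210:443 tcp allow
2026-05-27T08:02:40Z 10.20.9.3:40211 -> 164.92.88.210:80 tcp allow
2026-05-27T08:05:01Z 10.20.4.17:51902 -> 164.92.88.210:443 tcp deny
2026-05-27T08:06:33Z 10.20.11.8:60044 -> 198.51.100.77:443 tcp allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\w+) (?P<action>\w+)$"
)


def find_sinkhole_contacts(log_text, sinkhole_defanged=SINKHOLE_DEFANGED):
    """Return {source_ip: {"first_seen", "count", "ports"}} for every host that reached the sinkhole.

    Both allowed and denied connections are counted: the attempt itself is the evidence.
    Lines that do not match the expected format are skipped rather than treated as errors.
    """
    sinkhole = refang(sinkhole_defanged)
    hits = defaultdict(lambda: {"first_seen": None, "count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dst"] != sinkhole:
            continue
        entry = hits[m["src"]]
        entry["count"] += 1
        entry["ports"].add(int(m["dport"]))
        if entry["first_seen"] is None:
            entry["first_seen"] = m["ts"]
    return dict(hits)


if __name__ == "__main__":
    for src, info in sorted(find_sinkhole_contacts(CONN_LOG).items()):
        print(f"{src:15} first_seen={info['first_seen']} count={info['count']} ports={sorted(info['ports'])}")
```

Treat every host in the output as compromised rather than suspicious: the credentials that machine held (repository tokens, deployment permissions, signing keys, cloud credentials, package publishing rights) need rotation, and repositories it could push to need a history check for the force-pushed commits the report describes. The sweep only sees hosts that beacon while the logs are being collected, so it complements, and does not replace, running the released YARA rules against developer workstations and their extension and package directories.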