Glassworm Botnet Targeting Developers Disrupted by CrowdStrike and Google

Glassworm Botnet Targeting Developers Disrupted by CrowdStrike and Google

First seen 27 May 2026, 10:38 UTC Itnews.AuCybersecuritynewsGround.Newswww.itnews.com.auSecurityaffairs.Co+25 89% similarity 71.0

Article Content

Browse articles
ThreatCluster

The Glassworm botnet, which has targeted software developers since early 2025, was taken down in a coordinated operation by CrowdStrike, Google, and the Shadowserver Foundation on May 26, 2026. This botnet utilized sophisticated command-and-control (C2) infrastructure, including the Solana blockchain, Google Calendar, and BitTorrent networks, to spread malware through compromised open-source packages and malicious VS Code extensions. The operation affected numerous systems across Windows, macOS, and Linux, compromising over 300 GitHub repositories and various npm and Python packages. The malware, known for its invisible code injection techniques, has been linked to credential theft and remote access capabilities. As of the takedown, all four C2 channels were severed, preventing further malware distribution. The attack's sophistication highlights a significant shift in targeting developers rather than just software products.

Key Points: • The Glassworm botnet targeted developers through compromised open-source tools since early 2025. • CrowdStrike and partners took down all four command-and-control channels on May 26, 2026. • The botnet's infrastructure included the Solana blockchain and Google Calendar for resilient operations.

ThreatCluster AI

Timeline

2025-10-17
Glassworm campaign first identified
Malicious VS Code extensions and npm packages began compromising developer environments.
Koi
2026-05-26
Glassworm botnet takedown
CrowdStrike, Google, and Shadowserver disrupted the botnet's C2 infrastructure, halting malware distribution.
Computerweekly
2026-05-27
Public announcement of takedown
CrowdStrike confirmed the successful disruption of the Glassworm botnet and its operations.
Techcrunch

Community

Browse all →