
The CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat that had been targeting software developers through the open-source supply chain.
Working with Google and the Shadowserver Foundation, the team hit all four of Glassworm’s command-and-control (C2) channels at the same time, cutting the operators off from their infected machines and blocking their ability to deliver more malicious payloads.
The takedown was a technical success, but how Glassworm operated for more than a year without being stopped is the more instructive part of the story.
Who Glassworm Was Going After
Since early 2025, Glassworm’s operators had been systematically targeting software developers, a group with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries. That access is exactly the point: compromising one developer’s machine potentially exposes every repository, pipeline, and package that developer has ever touched, and everyone downstream who consumes them.
The botnet propagated through trojanized VS Code extensions, malicious code slipped into npm and Python packages, and poisoned GitHub repositories, at least 300 of which were compromised. By early 2026, GlasswormRAT was present in the official VS Code extension store, npm, PyPI, and those 300-plus GitHub repositories.
The malware’s capabilities were broad. GlasswormRAT stole credentials for npm, GitHub, and Git, drained funds from cryptocurrency wallet extensions, and deployed SOCKS proxy servers and hidden VNC servers for persistent remote access. It ran on Windows, macOS, and Linux.
Why It Was So Hard to Detect
The group’s operators used invisible Unicode characters to embed malicious code, letting the malware slip past both automated and manual code review. A developer reading a package for anything suspicious would see nothing out of place. The malicious logic was there; it simply did not render.
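Invisible characters defeat the eye, not the byte stream: anything an editor refuses to draw is still present in the file and can be found by scanning code points rather than rendered text. The scanner below is an added example written for this article, not CrowdStrike’s tooling and not code recovered from Glassworm. It flags the general classes of non-rendering characters (zero-width and format characters, bidirectional controls, variation selectors, tag characters, private-use code points); the article does not say which of these Glassworm used, so no specific encoding is assumed. The sample input is constructed, and the run-length threshold is an assumption chosen to separate a lone variation selector on an emoji from a run long enough to carry a payload.

```python
"""Scan source text for invisible / non-rendering Unicode characters.

Added example for this article. The character classes below are general ones
that editors and diff viewers do not draw, not the specific code points used by
Glassworm, which the article does not list.
"""
import sys
import unicodedata
from dataclasses import dataclass, field

# Explicit ranges that unicodedata.category() alone would miss or would lump in
# with legitimate combining marks (variation selectors are category Mn).
ZERO_WIDTH = {0x180E, 0x200B, 0x200C, 0x200D, 0x2060, 0x2061, 0x2062, 0x2063, 0x2064, 0xFEFF}
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))  # LRE..RLO, LRI..PDI
VARIATION_SELECTORS = set(range(0xFE00, 0xFE10)) | set(range(0xE0100, 0xE01F0))
TAG_CHARACTERS = set(range(0xE0000, 0xE0080))
EXPLICIT = ZERO_WIDTH | BIDI_CONTROLS | VARIATION_SELECTORS | TAG_CHARACTERS

# Assumption: a single variation selector after an emoji is ordinary text, while a
# run this long carries far more bits than any legitimate rendering hint needs.
RUN_THRESHOLD = 4


def is_invisible(ch: str) -> bool:
    """True for code points that render as nothing (or nearly nothing)."""
    if ord(ch) in EXPLICIT:
        return True
    # Cf = format controls, Co = private use. Neither belongs in source code.
    return unicodedata.category(ch) in ("Cf", "Co")


@dataclass
class Finding:
    line: int          # 1-based line number
    col: int           # 1-based column where the hidden run starts
    length: int        # number of invisible code points in the run
    severity: str      # "high" for long runs or any bidi override, else "low"
    codepoints: list = field(default_factory=list)  # first few, as U+XXXX


def scan_text(text: str) -> list:
    """Return one Finding per contiguous run of invisible code points."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            run = line[start:col]
            # A byte-order mark at the very start of the file is ordinary.
            if lineno == 1 and start == 0 and run == "\ufeff":
                continue
            bidi = any(ord(c) in BIDI_CONTROLS for c in run)
            severity = "high" if bidi or len(run) >= RUN_THRESHOLD else "low"
            findings.append(Finding(lineno, start + 1, len(run), severity,
                                    [f"U+{ord(c):04X}" for c in run[:8]]))
    return findings


def scan_file(path: str) -> list:
    with open(path, "rb") as fh:
        return scan_text(fh.read().decode("utf-8", errors="replace"))


# Constructed sample, not code from any real package: an innocuous-looking
# JavaScript line carrying a 12-code-point run of variation selectors, followed by
# a legitimate emoji with its VS16 selector, which should only rate "low".
HIDDEN = "".join(chr(0xE0100 + b) for b in b"hello world!")
SAMPLE = (
    "const greeting = 'hi';\n"
    f"const config = {{ retries: 3 }};{HIDDEN}\n"
    "console.log('\u2764\ufe0f');  // heart emoji + VS16\n"
)

if __name__ == "__main__":
    paths = sys.argv[1:]
    results = [(p, scan_file(p)) for p in paths] if paths else [("<sample>", scan_text(SAMPLE))]
    for path, found in results:
        for f in found:
            print(f"{path}:{f.line}:{f.col} {f.severity.upper()} run of {f.length}: {' '.join(f.codepoints)}")
```

Run it with no arguments to see the constructed sample flagged, or pass file paths (an unpacked extension `.vsix`, an npm tarball’s contents, a cloned repository) to scan them. Wire the "high" findings into a pre-install or pre-merge check; the "low" findings are mostly emoji and are there so a reviewer can decide rather than the tool silently dropping them.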
Beyond the code itself, the botnet’s control infrastructure was designed for resilience, and taking it down required hitting four command-and-control channels simultaneously: the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and traditional commercial servers.
Because blockchain transactions are immutable and publicly readable, the malware could fetch its instructions from Solana through ordinary public endpoints without ever connecting to a suspicious server, and no takedown request could erase what had been written. GlasswormRAT also used Google Calendar event titles as dead-drop locations for encoded server paths. To most security tools, that traffic looks like a developer checking their schedule.
Over the course of more than a year, the operators continuously evolved, rewriting the malware in new languages, from JavaScript to Rust to Zig, and expanding across distribution channels including the VS Code extension store, npm, PyPI, and GitHub.
Why a Collaborative Strike Was the Only Option
The four-channel architecture meant that cutting off any single channel would simply push the malware to fall back on another. Striking all four at once was the only viable option, and that required CrowdStrike, Google, and the Shadowserver Foundation to coordinate precisely on timing and execute together.
