TL;DR
A newly disclosed malware campaign called GlassWorm is spreading through poisoned packages on npm, PyPI, GitHub, and Open VSX by hijacking legitimate maintainer accounts [1][2]. What makes it unique: the malware reads Solana blockchain transactions to find its command-and-control (C2) server address, making takedowns extremely difficult. The attack chain escalates from credential theft to a full remote access trojan (RAT) with hidden VNC, keylogging, and a fake Chrome extension that bypasses App-Bound Encryption. Businesses that depend on open-source packages—which is nearly everyone—should audit dependencies, enforce multi-factor authentication on developer accounts, and implement software composition analysis now, not after a breach.
What Is the GlassWorm Supply Chain Malware Campaign?
GlassWorm is a multi-stage supply chain attack campaign first documented by Aikido Security researcher Ilyas Makari in March 2026 [1]. Rather than publishing obviously suspicious packages, the operators compromise legitimate maintainer accounts on npm, PyPI, GitHub, and the Open VSX extension marketplace, then push poisoned updates that inherit the trust of the original package [2]. This approach exploits the implicit trust developers place in familiar package names and version bumps—a pattern that Sonatype's 2025 report found has driven a 245% year-over-year increase in malicious package discoveries across public registries [3].
One notable evasion technique: GlassWorm checks the infected system's locale and ski
How Does GlassWorm Use Solana Blockchain for Command and Control?
The campaign's most technically distinctive feature is its use of Solana blockchain transactions as a dead drop resolver for C2 infrastructure [1]. Instead of hardcoding a server address—which defenders can quickly block—the malware reads a specific Solana wallet's transaction memo fields to retrieve the current C2 IP address. Because blockchain data is immutable, publicly accessible, and cannot be taken down by any single authority, this gives the operators a resilient, censorship-resistant way to redirect infected machines to new infrastructure at will. The primary C2 server was observed at 45.32.150[.]251, with data exfiltration flowing to 217.69.3[.]152/wall and stolen wallet recovery phrases sent to 45.150.34[.]158 [1]. Google Calendar events serve as a secondary dead drop channel, adding yet another layer of redundancy [2].
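Egress filtering is the practical counter to a dead drop the defender cannot take down: the resolver may be unblockable, but the infrastructure it points to still has to be reached from inside your network. The following is an added example, not code from the article or from Aikido Security. It scans constructed firewall-style log lines (the key=value format is an assumption) for the three indicators the article lists and, as a lower-severity heuristic, for build hosts contacting a public Solana RPC endpoint or Google APIs (the Calendar dead drop). Both hostnames are assumptions chosen for illustration.

```python
import re

# Indicators reported for GlassWorm in the article, kept in their defanged form
GLASSWORM_IOCS = {
    "45.32.150[.]251": "primary C2",
    "217.69.3[.]152": "data exfiltration",
    "45.150.34[.]158": "wallet recovery-phrase collection",
}

# Destinations a build host normally has no business reaching. Both names are
# assumptions for this example; tune the list to your own environment.
DEAD_DROP_HOSTS = {
    "api.mainnet-beta.solana.com": "Solana RPC (blockchain dead drop lookup)",
    "www.googleapis.com": "Google APIs (Calendar used as secondary dead drop)",
}

# Constructed log format: whitespace-separated key=value pairs, one event per line
LOG_RE = re.compile(r"(\w+)=(\S+)")


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 45.32.150[.]251 back into a matchable IP."""
    return ioc.replace("[.]", ".")


def scan_egress_log(lines, build_hosts):
    """Return (severity, host, dst, reason) for every line that matches an indicator."""
    ioc_by_ip = {refang(ioc): role for ioc, role in GLASSWORM_IOCS.items()}
    alerts = []
    for line in lines:
        fields = dict(LOG_RE.findall(line))
        host, dst = fields.get("host"), fields.get("dst")
        if dst in ioc_by_ip:
            alerts.append(("CRITICAL", host, dst, "known GlassWorm " + ioc_by_ip[dst]))
        elif dst in DEAD_DROP_HOSTS and host in build_hosts:
            alerts.append(("WARN", host, dst, "build host reached " + DEAD_DROP_HOSTS[dst]))
    return alerts


# Constructed sample events; none of this is real captured traffic
SAMPLE_LOG = [
    "ts=2026-03-26T10:15:02Z host=build-01 src=10.0.5.12 dst=45.32.150.251 dport=443 action=allow",
    "ts=2026-03-26T10:15:03Z host=build-01 src=10.0.5.12 dst=api.mainnet-beta.solana.com dport=443 action=allow",
    "ts=2026-03-26T10:16:10Z host=dev-laptop-7 src=10.0.9.4 dst=www.googleapis.com dport=443 action=allow",
    "ts=2026-03-26T10:17:44Z host=build-02 src=10.0.5.13 dst=registry.npmjs.org dport=443 action=allow",
]

if __name__ == "__main__":
    for alert in scan_egress_log(SAMPLE_LOG, build_hosts={"build-01", "build-02"}):
        print(*alert)
```

The developer laptop reaching Google APIs produces no alert because that heuristic is scoped to build hosts only, which keeps the noisier check from drowning the high-confidence IoC matches.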
What Does GlassWorm Steal and How Does the RAT Work?
GlassWorm operates in three stages. Stage 1 is the initial package compromise that establishes persistence. Stage 2 deploys a data theft framework that harvests saved credentials, cryptocurrency wallet files, and detailed system profiling information [1][2]. Stage 3 drops a .NET binary designed to phish hardware wallet users—specifically targeting Ledger and Trezor owners—alongside a WebSocket-based RAT with alarming capabilities: hidden VNC (HVNC) for invisible remote desktop control, SOCKS proxy tunneling via WebRTC, full browser data extraction, and keylogging [1].
The campaign also installs a malicious Chrome extension masquerading as "Google Docs Offline." This extension steals cookies, DOM content, bookmarks, screenshots, keystrokes, and over 5,000 browser history entries [1][2]. It specifically targets the Bybit cryptocurrency exchange and bypasses Chrome's App-Bound Encryption (ABE)—a security feature Google introduced in 2024 to protect cookie data from external theft [7]. The ABE bypass is significant because it undermines one of Chrome's most important recent security improvements.
Why Should SMBs Care About Software Supply Chain Attacks?
Software supply chain attacks are not just an enterprise problem. ENISA's threat landscape analysis found that 66% of supply chain attacks target supplier code, meaning any business that installs open-source packages is in the blast radius [9]. The average cost of a data breach reached $4.88 million in 2025 according to IBM [8], but for small and midsize businesses the proportional impact is often greater because there are fewer resources for incident response and recovery. CISA guidance emphasizes that organizations of all sizes must treat supply chain integrity as a core security function, not an afterthought [4].
The good news: proactive supply chain security is a competitive advantage. Customers and partners increasingly ask about software provenance and security practices during vendor evaluations. Investing in these controls now positions your business as trustworthy and audit-ready rather than reactive [6].
How Can Businesses Protect Against Supply Chain Attacks Like GlassWorm?
Defending against campaigns like GlassWorm requires layered controls across your development and deployment pipeline. NIST SP 800-218 and OpenSSF best practices provide actionable frameworks [6][10]:
- Audit and pin dependencies. Use lockfiles and hash verification. Don't auto-merge version bumps without review. Tools like npm audit, pip-audit, and software composition analysis (SCA) platforms flag known-malicious packages before they reach production [3][5].
- Enforce MFA on all developer and maintainer accounts. GlassWorm's initial access depends on compromising maintainer credentials. Multi-factor authentication is the single most effective control against account takeover [4][10].
- Monitor for anomalous package behavior. Watch for unexpected post-install scripts, network calls during build, or new native binary dependencies in routine updates [3].
- Restrict browser extensions. Use Chrome Enterprise policies or endpoint management to whitelist approved extensions and block sideloading. This directly mitigates the malicious "Google Docs Offline" extension vector [7].
- Implement network segmentation and egress filtering. Block or alert on outbound connections to unfamiliar IPs, especially from development and build environments. The known C2 and exfiltration IPs should be added to blocklists immediately [1][2].
- Adopt SBOM practices. A Software Bill of Materials gives you visibility into what's actually running in your stack, making incident response faster when a compromised package is identified [6].
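The first and third controls above (pin with hash verification, watch for unexpected install scripts) can be checked mechanically on every pull request. The following is an added example, not code from the article or from any of the cited projects: it audits an npm lockfile (lockfileVersion 3 layout) for entries that lack an integrity hash, resolve to a location outside the trusted registry, or declare an install script. The sample lockfile, the "sneaky-helper" package, its TEST-NET URL and the hash value are all constructed for this example.

```python
import json

# Constructed package-lock.json (lockfileVersion 3 layout) used as sample input.
# "sneaky-helper", its 203.0.113.7 URL and the hash string are made up.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"left-pad": "1.3.0", "sneaky-helper": "2.0.1"}},
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-ConstructedPlaceholderNotARealHashValue=="
    },
    "node_modules/sneaky-helper": {
      "version": "2.0.1",
      "resolved": "http://203.0.113.7/sneaky-helper-2.0.1.tgz",
      "hasInstallScript": true
    }
  }
}""")

TRUSTED_REGISTRIES = ("https://registry.npmjs.org/",)


def audit_lockfile(lock, trusted_registries=TRUSTED_REGISTRIES):
    """Return {package: [issue, ...]} for entries that weaken pinning or integrity guarantees."""
    findings = {}
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project entry, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        issues = []
        resolved = entry.get("resolved", "")
        if not resolved.startswith(trusted_registries):
            issues.append(f"resolved from untrusted location: {resolved or '<none>'}")
        integrity = entry.get("integrity", "")
        if not integrity:
            issues.append("no integrity hash: tarball cannot be verified on install")
        elif not integrity.startswith("sha512-"):
            issues.append(f"weak integrity algorithm: {integrity.split('-', 1)[0]}")
        if entry.get("hasInstallScript"):
            issues.append("declares an install script: review before trusting this update")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for pkg, issues in audit_lockfile(SAMPLE_LOCK).items():
        print(pkg, "->", "; ".join(issues))
```

Wiring this into CI so a non-empty result fails the build turns the "don't auto-merge version bumps" advice into an enforced gate rather than a habit.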
Supply chain security is not about locking everything down until productivity stops—it's about knowing what you depend on and verifying it continuously. The businesses that build this discipline into their workflow don't just avoid breaches; they ship faster with greater confidence.
Need help assessing your software supply chain security posture? Our cybersecurity consulting team can help you implement dependency auditing, developer account hardening, and incident response planning tailored to your stack and budget.
Schedule a free consultation to review your software supply chain security.
FAQ
GlassWorm is a multi-stage supply chain malware campaign that spreads by compromising legitimate maintainer accounts on npm, PyPI, GitHub, and Open VSX, then pushing poisoned package updates [1][2]. Because the malicious code arrives through trusted update channels, standard developer workflows pull it in automatically.
The malware reads Solana transaction memo fields to dynamically resolve its C2 server address [1]. Blockchain data is immutable and decentralized, so defenders cannot take down the dead drop the way they would a traditional domain or IP, giving attackers persistent and resilient infrastructure.
Any organization that uses open-source packages from npm, PyPI, or VS Code extensions is a potential target. ENISA research shows 66% of supply chain attacks target supplier code regardless of the downstream consumer's size [9]. SMBs are often more vulnerable because they lack dedicated security teams to detect anomalies in dependency updates.
Check for network connections to the known indicators of compromise: 45.32.150[.]251, 217.69.3[.]152, and 45.150.34[.]158 [1][2]. Review installed Chrome extensions for anything labeled "Google Docs Offline" that was not installed through official enterprise policy. Run software composition analysis tools against your dependency trees to identify recently flagged malicious packages.
Enforcing multi-factor authentication on all developer and package maintainer accounts is the single highest-impact control, because it blocks the initial account compromise that campaigns like GlassWorm depend on [4][10]. Combine this with dependency pinning, lockfile verification, and continuous monitoring for the strongest posture.
References
[1] I. Makari, "GlassWorm: Chrome Extension RAT Using Solana Dead Drops," Aikido Security Blog, Mar. 2026. [Online]. Available: https://www.aikido.dev/blog/glassworm-chrome-extension-rat
[2] R. Lakshmanan, "GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data," The Hacker News, Mar. 25, 2026. [Online]. Available: https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html
[3] Sonatype, "State of the Software Supply Chain Report 2025," Sonatype, 2025. [Online]. Available: https://www.sonatype.com/state-of-the-software-supply-chain
[4] CISA, "Defending Against Software Supply Chain Attacks," Cybersecurity and Infrastructure Security Agency, Apr. 2023. [Online]. Available: https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508_1.pdf
[5] Synopsys, "Open Source Security and Risk Analysis Report 2025," Synopsys, 2025. [Online]. Available: https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html
[6] NIST, "Software Supply Chain Security Guidance," NIST SP 800-218, Feb. 2022. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-218/final
[7] Google, "App-Bound Encryption for Chrome Cookies," Google Security Blog, 2024. [Online]. Available: https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies.html
[8] IBM Security, "Cost of a Data Breach Report 2025," IBM, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach
[9] European Union Agency for Cybersecurity (ENISA), "Threat Landscape for Supply Chain Attacks," ENISA, 2021. [Online]. Available: https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks
[10] OpenSSF, "Package Repository Security Best Practices," Open Source Security Foundation, 2024. [Online]. Available: https://openssf.org/blog/package-repository-security/
Work With Us
Ready to strengthen your security posture?
lilMONSTER assesses your risks, builds the tools, and stays with you after the engagement ends. No clipboard-and-leave consulting.
TL;DR
Bad actors are sneaking dangerous code into trusted software libraries—like swapping real books on a library shelf with trick copies that spy on whoever reads them. The campaign is called GlassWorm, and businesses can protect themselves by checking their software ingredients and locking down developer accounts.
What Is GlassWorm? (The Library Bookshelf Analogy)
Imagine your favourite library. You trust every book on the shelves because the librarians picked them out. Now imagine someone steals a librarian's ID badge, walks in after hours, and swaps a popular book with a fake copy that looks identical on the outside. When you borrow that book, a hidden camera inside starts watching everything you do at home.
That's basically what GlassWorm does to software [1][2]. Programmers build apps using shared code libraries—think of them as bookshelves full of useful tools hosted on sites like npm and PyPI. GlassWorm's operators stole the credentials of real "librarians" (package maintainers) and pushed out poisoned updates that developers pulled in without suspecting a thing [3][9].
How Does GlassWorm Hide Its Secret Instructions?
Here's the clever part. When the fake book needs to phone home for new orders, it doesn't call a regular phone number that could be disconnected. Instead, it checks a public bulletin board that nobody can erase—the Solana blockchain [1]. The attacker writes a tiny note inside a blockchain transaction, and the malware reads it to learn where to send stolen data. Because blockchain entries are permanent, defenders can't simply delete the note the way they'd take down a website [2].
What Does GlassWorm Actually Do Once It's Inside?
The attack happens in stages—like chapters in that trick book. First, it settles in quietly. Then it starts copying your saved passwords, cryptocurrency wallets, and information about your computer [1][2]. In the final stage, it installs a remote control tool (called a RAT) that lets the attacker see your screen, record your keystrokes, and even trick you into handing over hardware wallet codes for devices like Ledger and Trezor [1]. It also adds a fake Chrome extension pretending to be "Google Docs Offline" that watches almost everything you do in your browser—cookies, bookmarks, screenshots, and thousands of history entries [2][7].
How Can Businesses Stay Safe?
The good news: you don't need a massive security team to protect yourself. Think of it as better library hygiene [4][6][10]:
- Check the books before shelving them. Use tools that scan your software dependencies for known bad packages [3][5].
- Protect the librarian badges. Turn on multi-factor authentication for every developer account so attackers can't steal credentials easily [4][10].
- Keep a list of every book on the shelf. Maintaining a Software Bill of Materials (SBOM) means you can quickly find and remove a bad package when one is discovered [6].
- Lock the browser extension shelf. Only allow approved Chrome extensions through your organization's policy [7].
Taking these steps isn't about being scared—it's about running a tighter ship so you can focus on building great products with confidence [8].
FAQ
A supply chain attack is when bad actors sneak malicious code into trusted software libraries or tools that developers use to build applications. Instead of attacking your business directly, they compromise the building blocks your software depends on [4][9].
Yes. If any software your business uses was built with compromised packages from npm or PyPI, it could carry GlassWorm's malicious payload. This is why maintaining a Software Bill of Materials (SBOM) matters—so you know exactly what ingredients are in the software you rely on [3][6].
GlassWorm writes its command-and-control instructions into Solana blockchain transaction memos. Because blockchain entries are permanent and decentralised, security teams cannot simply take down a website or block a domain to cut the malware's communication line [1][2].
Start with three steps: enable multi-factor authentication on all developer and admin accounts, use dependency scanning tools to check software packages before deploying them, and restrict Chrome extension installations to an approved list only [4][6][10].
Want help checking your software supply chain? Schedule a free consultation.