GlassWorm

GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then further weaponize to publish poisoned versions of projects maintained by that victim.

Attackers have already started combining self-propagation capabilities, which historically defines a 'worm,' with malicious tools to attack developers and software supply chains.

This self-replicating worm initially targeted VS Code extensions on the OpenVSX marketplace before moving on to npm and Python packages, and later poisoned more than 300 GitHub repos using stolen credentials harvested in earlier Glassworm infections.

This is the core social engineering pattern behind the latest GlassWorm cluster: cloned listings create enough visual trust to attract installs before any malware is introduced.

The latest wave of malicious extensions, however, include a capability to automatically fetch and execute malicious payloads at a later date... the common pattern throughout GlassWorm's latest activity "is that the extension itself acts as a thin loader."

File i.js JavaScript payload file written to script directory during execution

The next month, researchers discovered the Glassworm attack, which utilizes VS Code extensions to compromise developer machines.

A developer installs what looks like a trusted extension or package, and the malware activates in the background.

During the 2016 Ukraine Electric Power Attack, Sandworm Team used a trojanized version of Windows Notepad to add a layer of persistence for Industroyer.

GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then further weaponize to publish poisoned versions of projects maintained by that victim.

Bundlore can persist via a LaunchAgent. Calisto adds a .plist file to the /Library/LaunchAgents folder to maintain persistence. CoinTicker creates user launch agents named .espl.plist and com.apple.[random string].plist to establish persistence.

The content repeatedly describes malware and threat actors establishing persistence by adding values under HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce, and by placing executables, scripts, .lnk files, or batch files in the Windows Startup folder.

GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then further weaponize to publish poisoned versions of projects maintained by that victim.

Bundlore can persist via a LaunchAgent. Calisto adds a .plist file to the /Library/LaunchAgents folder to maintain persistence. CoinTicker creates user launch agents named .espl.plist and com.apple.[random string].plist to establish persistence.

The content repeatedly describes malware and threat actors establishing persistence by adding values under HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce, and by placing executables, scripts, .lnk files, or batch files in the Windows Startup folder.

The compromised packages shared several notable traits for stealthy payload delivery, including an unconventional Unicode-based obfuscation technique that remained invisible within IDEs.

The campaign we analyzed, however, uses a different and under-observed class of characters (variation selectors) that remain largely invisible to common tooling.

The injection preserves the original commit author and date, making it look like nothing in the project history has changed.

GlassWorm's goal is to infect software developers with infostealers to obtain a target organization's secrets and credentials, which an attacker can then further weaponize to publish poisoned versions of projects maintained by that victim.

The next month, researchers discovered the Glassworm attack, which utilizes VS Code extensions to compromise developer machines.

That script would check whether the system was set to a Russian locale and skip execution if so

During the 2016 Ukraine Electric Power Attack, Sandworm Team used a trojanized version of Windows Notepad to add a layer of persistence for Industroyer.

Once on a developer’s machine, Glassworm steals GitHub tokens from multiple sources, including VS Code storage, the git credentials file, and local environment variables.

Server 208.85.20[.]124 -- documented in the original GlassWorm reporting as a credential theft endpoint -- is still live... browse stolen credentials... Browser credential dumper

Glassworm ... is a self-propagating, credential-stealing worm ... later poisoned more than 300 GitHub repos using stolen credentials harvested in earlier Glassworm infections.

A malicious Chrome extension is also installed to capture browser session data.

Glassworm steals GitHub tokens from multiple sources, including VS Code storage, the git credentials file, and local environment variables.

That script would check whether the system was set to a Russian locale and skip execution if so

The content repeatedly describes threat actors and malware collecting, stealing, identifying, copying, or staging files, documents, credentials, logs, databases, and other information from compromised hosts or local systems.

The content repeatedly describes adversaries and malware storing collected data, command output, credentials, archives, or files in local temporary folders, working directories, hidden directories, registry locations, recycle bins, or specific files prior to exfiltration.

The malware uses the Solana blockchain as its command-and-control channel. Instead of connecting to a server that could be taken offline, it reads instructions from transaction memos attached to a specific Solana wallet.

The third deploys a persistent backdoor using WebSockets.

Glassworm used invisible Unicode-based code injection, blockchain-based C2 infrastructure, and Google Calendar as a backup command server to turn infected developers’ machines into criminal proxy nodes.

It also used Google Calendar event titles as dead-drop locations for Base64-encoded C2 paths.

The endpoint security giant’s Counter Adversary Operations team and partners hit all four Glassworm command-and-control channels simultaneously ... severing the operators from their infected machines and their ability to deliver new malicious payloads.

These included the Solana blockchain, with C2 server addresses encoded in the memo fields of blockchain transactions, ensuring the C2 couldn’t be taken offline through conventional means.

[STAGE 2: ENCRYPTED PAYLOAD] AES-CBC decrypt using header-delivered keys -> credential stealer / RAT