Full Report
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions across GitHub, npm, and the VSCode/OpenVSX extension marketplaces. [...]
Analysis Summary
# Tool/Technique: GlassWorm (2026 Campaign)
## Overview
GlassWorm is a sophisticated, multi-platform supply-chain malware campaign targeting developers and open-source ecosystems. It leverages compromised GitHub accounts, malicious npm packages, and VSCode/OpenVSX extensions to deploy information stealers. A distinct feature of this campaign is its use of the Solana blockchain as a decentralized Command and Control (C2) mechanism to deliver instructions and payload updates via transaction memos.
## Technical Details
- **Type:** Malware Family / Information Stealer
- **Platform:** Windows, macOS, Linux (Node.js environments, Python/JS/TS repositories)
- **Capabilities:** Credential harvesting, crypto-wallet theft, decentralized C2, persistence, and anti-analysis (locale checking).
- **First Seen:** October 2025 (Initial waves); March 2026 (Coordinated multi-repo attack).
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
  - [T1195.001 - Supply Chain Compromise: Compromise Software Dependencies]
  - [T1078 - Valid Accounts]
- **[TA0003 - Persistence]**
  - [T1547 - Boot or Logon Autostart Execution]
- **[TA0005 - Defense Evasion]**
  - [T1027.003 - Obfuscation: Steganography / Invisible Unicode]
  - [T1614.001 - System Location Discovery: System Language Discovery]
- **[TA0011 - Command and Control]**
  - [T1102.003 - Web Service: One-Way Communication (Blockchain)]
- **[TA0009 - Collection]**
  - [T1555 - Credentials from Password Stores]
  - [T1552.004 - Unsecured Credentials: Private Keys]
## Functionality
### Core Capabilities
- **Information Theft:** Targets cryptocurrency wallet data (Trezor, Ledger), SSH keys, developer environment variables, and access tokens.
- **Blockchain C2:** Leverages the Solana blockchain; the malware queries a specific address every five seconds to read transaction "memos" containing the latest payload URLs.
- **Supply Chain Injection:** Compromises GitHub accounts to "force-push" malicious code into legitimate repositories, infecting downstream users of Python, JS, and TS packages.
### Advanced Features
- **Invisible Obfuscation:** Uses invisible Unicode characters to hide malicious logic within source code, making it difficult for human reviewers to spot during code audits.
- **Locale-Based Evasion:** The malware checks the system locale; if a Russian locale is detected, the malware terminates execution to avoid targeting users in specific regions.
- **Automated Dependency Delivery:** Downloads its own Node.js runtime to the user's home directory to ensure the JavaScript payload can execute regardless of the pre-installed environment.
## Indicators of Compromise
- **File Names:**
  - `~/init.json` (Persistence/Configuration)
  - `i.js` (Malicious loader script)
  - `~/node-v22*` (Unexpected Node.js runtimes in home directory)
- **Network Indicators:**
  - Solana Blockchain (C2 Transaction Memos)
- **Behavioral Indicators:**
  - Search codebases for the marker variable: `lzcdrtfxyqiplpd`
  - GitHub commit anomalies where committer dates are significantly newer than author dates (indicative of a force-push).
  - Outbound polling of Solana API endpoints every 5 seconds.
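The committer-date anomaly listed above can be checked mechanically from `git log`. The following is an added example written for this summary, not tooling from the report or from any project it names: it parses a log formatted with `%H %an %at %ct` (hash, author, author epoch, committer epoch) and flags commits whose committer date trails the author date by more than a threshold. The one-week threshold and the sample log are assumptions/constructed; a history rewrite is the signal the report describes, but ordinary rebases and cherry-picks produce the same gap, so treat hits as triage candidates.

```python
"""Flag commits whose committer date is far newer than their author date.

Added example (not from the GlassWorm report). Assumptions: a lag of more than
one week is worth reviewing; the sample log below is constructed.
"""
import subprocess
from dataclasses import dataclass
from typing import List

# Unit-separator (%x1f) keeps author names with spaces from breaking the split.
GIT_FORMAT = "%H%x1f%an%x1f%at%x1f%ct"
DEFAULT_THRESHOLD = 7 * 24 * 3600  # assumption: one week, in seconds


@dataclass
class Commit:
    sha: str
    author: str
    author_ts: int
    committer_ts: int

    @property
    def lag(self) -> int:
        """Seconds between when the change was authored and when it was committed."""
        return self.committer_ts - self.author_ts


def parse_git_log(output: str) -> List[Commit]:
    """Parse `git log --format=GIT_FORMAT` output into Commit records."""
    commits: List[Commit] = []
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, author, author_ts, committer_ts = line.split("\x1f")
        commits.append(Commit(sha, author, int(author_ts), int(committer_ts)))
    return commits


def find_rewritten(commits: List[Commit], threshold: int = DEFAULT_THRESHOLD) -> List[Commit]:
    """Commits whose committer date trails the author date by more than threshold."""
    return [c for c in commits if c.lag > threshold]


def git_log(repo_path: str) -> str:
    """Run git log against a real checkout (all refs) in the expected format."""
    proc = subprocess.run(
        ["git", "-C", repo_path, "log", "--all", f"--format={GIT_FORMAT}"],
        check=True, capture_output=True, text=True,
    )
    return proc.stdout


# Constructed sample: the third commit was authored ~230 days before it was
# committed, the shape a rewritten/force-pushed history leaves behind.
SAMPLE_LOG = (
    "a" * 40 + "\x1fAlice Example\x1f1700000000\x1f1700000000\n"
    + "b" * 40 + "\x1fBob Example\x1f1700100000\x1f1700100300\n"
    + "c" * 40 + "\x1fAlice Example\x1f1690000000\x1f1710000000\n"
)

if __name__ == "__main__":
    import sys
    log_text = git_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    for c in find_rewritten(parse_git_log(log_text)):
        print(f"{c.sha[:12]} {c.author}: committer date {c.lag // 86400} days after author date")
```

Run it with a repository path to scan a real checkout, or with no arguments to see the constructed sample flagged; pair hits with the repository's reflog or hosting-provider audit log to confirm whether a force-push actually occurred.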
## Associated Threat Actors
- **Attribution:** Suspected Russian-speaking threat actors (based on code comments and Russian locale exclusion).
## Detection Methods
- **Signature-based:** Scanning for the unique string `lzcdrtfxyqiplpd` in repository files.
- **Behavioral:** Monitoring for unauthorized `git push --force` actions on sensitive branches and alerting on new Node.js binaries appearing in user home directories.
- **Audit:** Inspecting source code for hidden Unicode characters (Zero-width non-joiners/spaces).
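The signature and audit checks above amount to one pass over each source file: look for the marker string and for code points that render as nothing. The scanner below is an added example for this summary, not code from the report or from any project it mentions. The marker value comes from the report; the list of invisible code points and the fallback to Unicode category `Cf` (which also catches bidi controls) are my audit choices, and the sample input is constructed.

```python
"""Scan source text for the GlassWorm marker string and invisible Unicode.

Added example (not from the report). Assumptions: the code-point audit list
below; the SAMPLE input is constructed.
"""
import sys
import unicodedata
from typing import List, Tuple

# Marker variable name reported for the campaign.
MARKER = "lzcdrtfxyqiplpd"

# Assumption: code points that render as nothing and are rarely legitimate in source.
INVISIBLE_CODEPOINTS = {
    0x200B, 0x200C, 0x200D,          # zero-width space / non-joiner / joiner
    0x2060, 0x2061, 0x2062, 0x2063,  # word joiner, invisible operators
    0xFEFF,                          # BOM / zero-width no-break space
    0x3164, 0x115F, 0x1160,          # Hangul fillers
    0x180E,                          # Mongolian vowel separator
}
INVISIBLE_RANGES = [
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0xE0000, 0xE007F),  # tag characters
]

Finding = Tuple[str, int, int, str]  # (path, line, column, description); 1-based


def is_invisible(ch: str) -> bool:
    """True for code points a human reviewer cannot see in an editor."""
    cp = ord(ch)
    if cp in INVISIBLE_CODEPOINTS or any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    # Category Cf ("format") also covers bidi overrides such as U+202E.
    return unicodedata.category(ch) == "Cf"


def scan_source(text: str, path: str = "<memory>") -> List[Finding]:
    """Report the marker string and every invisible character, with positions."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        idx = line.find(MARKER)
        if idx != -1:
            findings.append((path, lineno, idx + 1, f"marker string {MARKER!r}"))
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                findings.append((path, lineno, col, f"invisible character U+{ord(ch):04X}"))
    return findings


def scan_file(path: str) -> List[Finding]:
    # errors="replace" keeps the scan going on files with stray bytes.
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_source(fh.read(), path)


# Constructed sample: line 3 carries the marker name; line 4 hides a zero-width
# space and a zero-width non-joiner inside a string literal.
SAMPLE = (
    "const config = { name: 'demo' };\n"
    "function check() { return true; }\n"
    "var lzcdrtfxyqiplpd = 1;\n"
    "const payload = 'a\u200bb\u200c';\n"
)

if __name__ == "__main__":
    paths = sys.argv[1:]
    results = [f for p in paths for f in scan_file(p)] if paths else scan_source(SAMPLE)
    for path, line, col, what in results:
        print(f"{path}:{line}:{col}: {what}")
```

Pass file paths to scan a checkout, or run it without arguments to see the three findings in the constructed sample; a leading BOM is reported too, so expect one hit on files that legitimately start with U+FEFF.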
## Mitigation Strategies
- **MFA Enforcement:** Mandatory Multi-Factor Authentication for all GitHub and package registry (npm/PyPI) accounts.
- **Branch Protection:** Implement signed commits and branch protection rules to prevent "force-pushes" from bypassing review.
- **Egress Filtering:** Block outbound access from developer environments to known blockchain API endpoints wherever such access is not required for business operations.
- **Code Auditing:** Use linters and security scanners specifically configured to detect "invisible" character obfuscation.
## Related Tools/Techniques
- **Living off the Pipeline:** Similar to attacks targeting GitHub Actions or CI/CD workflows.
- **Blockchain C2:** Similar to techniques used by malware like "Glupteba" which utilized the Bitcoin blockchain for C2 discovery.