CrowdStrike and Google Just Nuked Glassworm: The Botnet That Ate Open Source

Original version · May 30, 3:30

It seems the security giants at CrowdStrike and Google finally stopped playing tag with the Glassworm botnet. While it’s charming to see them do their actual jobs for once, one has to wonder why it took two years to notice the party.

Glassworm has spent two full years treating the open-source supply chain like an all-you-can-eat buffet. By targeting the developers themselves rather than just their code, these digital bandits turned trusted platforms like GitHub into breeding grounds for credential theft and malware.

The operation relied on a Swiss Army knife of delivery methods. The hackers were buying sponsored search results to serve fake tools and stuffing malicious code into browser extensions that developers blindly installed. It’s a classic case of weaponizing human trust, essentially turning the industry's collaborative spirit against itself.

CrowdStrike managed to cut off the four primary command-and-control channels, effectively putting the botnet in a digital timeout. What made the infrastructure particularly creative—and frankly, a bit ridiculous—was the use of Solana blockchain, BitTorrent, and even Google Calendar to hide their tracks. Over 300 GitHub repositories were compromised before the plug was finally pulled.
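One practical takeaway from the C2 design described above is that rendezvous traffic to a public blockchain RPC node, a BitTorrent tracker and the Google Calendar API each looks mundane on its own; what stands out is one developer workstation talking to several of them. The script below is an added example written for this page, not CrowdStrike's detection logic and not a set of real Glassworm indicators (the article publishes none). The log format, the host names and the URL patterns it matches are assumptions chosen for illustration; the sample proxy log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (timestamp host method url status). Not real traffic.
SAMPLE_LOG = """\
2024-05-30T09:01:12Z dev-ws-17 GET https://api.mainnet-beta.solana.com/ 200
2024-05-30T09:01:13Z dev-ws-17 POST https://api.mainnet-beta.solana.com/ 200
2024-05-30T09:02:40Z dev-ws-17 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200
2024-05-30T09:03:05Z dev-ws-17 GET http://tracker.example.net:6969/announce?info_hash=abc 200
2024-05-30T09:05:00Z dev-ws-42 GET https://github.com/example-org/example-repo 200
2024-05-30T09:06:10Z dev-ws-42 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200
"""

# Illustrative rendezvous categories (assumed patterns, not campaign IoCs). Each one is
# legitimate for many users, so a single hit is not a finding on its own.
RENDEZVOUS_PATTERNS = {
    "solana_rpc": re.compile(r"^https?://[^/]*solana\.com/"),
    "google_calendar_api": re.compile(r"^https?://www\.googleapis\.com/calendar/"),
    "bittorrent_tracker": re.compile(r"^https?://[^/]+/announce\b"),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(url):
    """Return the rendezvous category a URL falls into, or None if it matches none."""
    for name, pattern in RENDEZVOUS_PATTERNS.items():
        if pattern.search(url):
            return name
    return None


def find_suspicious_hosts(log_text, min_channels=2):
    """Return {host: [categories]} for hosts that touched at least `min_channels`
    distinct rendezvous categories. The combination, not any one destination, is the signal."""
    channels = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        category = classify(rec["url"])
        if category:
            channels[rec["host"]].add(category)
    return {host: sorted(cats) for host, cats in channels.items() if len(cats) >= min_channels}


if __name__ == "__main__":
    for host, cats in find_suspicious_hosts(SAMPLE_LOG).items():
        print(f"{host}: multiple rendezvous channels {cats}")
```

In the constructed sample only dev-ws-17 is flagged, because it reached all three categories; dev-ws-42 touched the Calendar API once and is left alone. In a real environment the patterns would be tuned to what your developers legitimately use (an allowlist for teams that actually build on Solana, for instance) and the threshold raised or lowered to taste; the heuristic is a triage filter, not proof of compromise.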

This is the natural evolution of cybercrime where the attacker stops fighting the software and starts hunting the tired, caffeine-fueled human at the keyboard. As long as developers are desperate for that one perfect productivity plugin, the incentive to build a digital house of cards will remain higher than the incentive to actually secure it.

Source: CrowdStrike

Comments

  1. Hungry Otter
    two years? good job on waking up just in time to stop the fire after the building burned down, fellas.