216.73.217.50

GlassWorm attack installs fake browser extension for surveillance

· Published 26/03/2026 20:45 · Modified 27/03/2026 00:11

Export JSON

Essential information

Published
26/03/2026 20:45
Modified
27/03/2026 00:11
Tags
2026-03-26 blockchain browser extension cryptocurrency developers glassworm infostealer remote access trojan supply chain attack
Related entities
1 observables, 1 intrusion sets (apt), 18 techniques (mitre), 1 malware

Description

is a sophisticated malware targeting through compromised code repositories and package managers. It executes in stages, starting with a stealthy infection that fingerprints the machine and fetches further payloads via the Solana . The malware steals sensitive data, including wallets and development credentials, installs a (RAT), and deploys a fake Chrome extension for extensive surveillance. It uses distributed hash tables and for resilient command and control. While initially focused on with potential assets, the stolen information could enable wider supply chain attacks. Prevention strategies include careful package management, regular extension audits, and up-to-date anti-malware solutions.

External references