GlassWorm attack installs fake browser extension for surveillance
Essential information
- Published: 26/03/2026 20:45
- Modified: 27/03/2026 00:11
- Tags: 2026-03-26 blockchain browser extension cryptocurrency developers glassworm infostealer remote access trojan supply chain attack
- Related entities: 1 observables, 1 intrusion sets (apt), 18 techniques (mitre), 1 malware
Description
GlassWorm is a sophisticated malware targeting developers through compromised code repositories and package managers. It executes in stages, starting with a stealthy infection that fingerprints the machine and fetches further payloads via the Solana blockchain. The malware steals sensitive data, including cryptocurrency wallets and development credentials, installs a Remote Access Trojan (RAT), and deploys a fake Chrome extension for extensive surveillance. It uses distributed hash tables and blockchain for resilient command and control. While initially focused on developers with potential cryptocurrency assets, the stolen information could enable wider supply chain attacks. Prevention strategies include careful package management, regular extension audits, and up-to-date anti-malware solutions.