Major Developer Malware Network Disrupted
TL;DR: CrowdStrike, Google, and the Shadowserver Foundation have successfully disrupted the GlassWorm malware campaign. This operation dismantled the command-and-control infrastructure used in a persistent software supply chain attack that targeted developers with malicious packages and extensions since at least early 2025.
Key facts
- Category
- Cybersecurity
- Impact
- Critical
- Published
- Source
- The Hacker News
Full summary
CrowdStrike and Google have dismantled the GlassWorm malware network, a supply chain campaign targeting developers through malicious packages and extensions.
Cybersecurity firms CrowdStrike and Google, working with the Shadowserver Foundation, have successfully disrupted the GlassWorm malware campaign. The coordinated operation dismantled all known command-and-control (C2) infrastructure associated with the persistent software supply chain attack. Active since at least early 2025, GlassWorm operators systematically targeted software developers by distributing malicious packages and extensions. These tools were designed to compromise developer environments, giving attackers a foothold to potentially inject malicious code into legitimate software projects and distribute it to unsuspecting users. The takedown severs the connection between the attackers and their malware, neutralizing the immediate threat.
This action is a critical win for software supply chain security, a major area of concern for businesses of all sizes. By targeting developers directly, attackers can bypass traditional security perimeters and poison software at its source. The disruption protects countless organizations that rely on the integrity of the development ecosystem. For CTOs, developers, and security teams, this event highlights the ongoing risks associated with third-party dependencies and development tools. It underscores the importance of vetting all software components, monitoring for unusual network activity, and fostering a security-conscious culture within engineering teams to prevent similar attacks from succeeding in the future.
Why it matters
This coordinated takedown neutralizes a major threat to the software supply chain, protecting developers and the integrity of the software they build.
Business impact
Disrupting GlassWorm prevents the injection of malicious code into legitimate software, safeguarding companies from potential data breaches, reputational damage, and financial loss that could result from compromised products.
Action checklist
- 1Review and audit all third-party packages and extensions used in your development environments.
- 2Scan developer workstations for indicators of compromise related to GlassWorm.
- 3Ensure developer accounts use multi-factor authentication (MFA) to limit unauthorized access.
- 4Educate your development team on the risks of software supply chain attacks.
Tags
Related on Notifire
Primary source: The Hacker News