CrowdStrike Takes Down Glassworm: A Botnet That Targeted Software Developers

On May 26, 2026, security company CrowdStrike worked with Google and the Shadowserver Foundation to shut down the Glassworm botnet. This was a significant operation: Glassworm had been quietly infecting developer computers since early 2025 by hiding inside popular open-source code libraries and tools—the building blocks that software engineers rely on every day.
How Glassworm Spread: A Distributed Command Network
Glassworm's operators were sophisticated. They didn't rely on a single point of control. Instead, they set up four separate channels to command their botnet: cryptocurrency transactions on the Solana blockchain, BitTorrent networks, a public calendar service, and direct connections to servers. This approach made it much harder for security researchers to shut everything down at once—if one channel was blocked, the others could keep working.
The botnet spread by injecting malicious code into popular developer tools. It compromised packages on npm and PyPI (repositories where developers download code libraries), and it published fake extensions for Visual Studio Code, a widely used code editor. These fake tools looked legitimate—offering features like language support or productivity improvements—so developers trusted them.
The Invisible Payload: Unicode Hiding
Here's where things get technically clever. The attackers used a technique called Unicode character embedding. Unicode is the system computers use to display text in many languages and symbols. The Unicode standard includes something called "Private Use Area" characters—basically blank slots reserved for custom applications. The attackers hid their malicious code in these invisible characters within legitimate-looking source code files.
Think of it like this: imagine you wrote a letter with secret messages embedded in the spaces between words, using symbols that look like blank space but contain hidden instructions. A person reading the letter would see nothing unusual, but a computer executing the code would activate the hidden instructions.
By mid-March 2026, researchers had found approximately 433 compromised packages and extensions across OpenVSX, GitHub, and npm.
Targeting Developers: The High-Value Target
There's a strategic logic to this attack. Developers write the software that millions of people use—on phones, computers, in the cloud. If you can infect a developer's computer, your malicious code can spread to everything that developer touches. This is called a supply chain attack, and it has become increasingly common.
The attackers specifically targeted VS Code extensions because the OpenVSX marketplace (an alternative to Microsoft's official marketplace) tends to have less rigorous security review. A malicious extension that looks like a useful tool can sit on a developer's machine, hidden and active, for months.
Worth Flagging
The Glassworm campaign fits into a pattern we've seen accelerate since the SolarWinds attack in 2020. Over the past five years, attackers have systematically moved their targets upstream in the software creation process. Instead of compromising finished applications, they now target the development environment itself—the tools, libraries, and extensions that developers use to build software. This shift makes each attack more valuable because the damage cascades through many downstream products.
The Takedown Operation
Coordinating the shutdown required CrowdStrike, Google, and the Shadowserver Foundation to work simultaneously across blockchain networks, distributed systems like BitTorrent, and traditional servers. This coordination challenge itself illustrates how modern botnets have become harder to dismantle when they use decentralized infrastructure.
What This Means for Security
The Glassworm incident exposes a real gap in how we protect open-source software. Most security tools and code review processes are designed to catch malicious code that's visible or obvious. Unicode character embedding is invisible to human reviewers and can slip past basic automated scans.
Organizations with developers should consider strengthening their security practices around development tools. Standard antivirus software may not detect hidden payloads embedded in extensions or packages. More useful defenses include monitoring developer machines for unusual network activity, regularly auditing which extensions and packages are installed, and using specialized tools that can scan for steganographic (hidden) techniques.
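The Private Use Area hiding described earlier and the "scan for hidden techniques" advice here both come down to the same check: does a source file contain characters that a human reviewer cannot see? The script below is an added example written for this page, not a CrowdStrike tool and not code from the Glassworm campaign. It flags Unicode private-use characters (category Co, the slots the article describes) and, going a step beyond the article, zero-width format characters (category Cf), groups adjacent hits into runs so a long hidden run stands out from a single stray character, and treats a leading byte-order mark as benign. The file names, extension sample and suffix list are constructed for the demo.

```python
"""Scan source files for Unicode private-use and invisible format characters.

Added example: a reviewer-side check for the hiding technique described
in the article. The sample extension below is constructed, not a real package.
"""
import sys
import unicodedata
from pathlib import Path

# Private Use Area code points (Unicode category "Co") render as nothing or as
# a blank box in most editors, so payload data hidden there is invisible to a
# human reviewer. Format characters ("Cf", e.g. zero-width space) are equally
# invisible; flagging them goes beyond what the article describes.
SUSPECT_CATEGORIES = {"Co": "private-use", "Cf": "format/invisible"}

# Constructed sample: a tiny VS Code-style extension.js with a BOM at the start,
# five PUA characters after a statement on line 4, and a zero-width space
# appended to line 5. None of these show in a normal editor view.
SAMPLE_EXTENSION_JS = (
    "\ufeff// extension.js (constructed sample, not a real package)\n"
    "const vscode = require('vscode');\n"
    "function activate(context) {\n"
    "  const banner = 'ready';" + "\ue000\ue013\ue0a7\ue1f4\uf8ff" + "\n"
    "  console.log(banner);" + "\u200b" + "\n"
    "}\n"
    "module.exports = { activate };\n"
)


def find_hidden_chars(text, skip_leading_bom=True):
    """Return (line, column, codepoint, kind) for every suspect character.

    line and column are 1-based. A byte-order mark as the very first character
    of a file is a common, benign artifact and is ignored by default.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        for col, ch in enumerate(line, start=1):
            if skip_leading_bom and lineno == 1 and col == 1 and ch == "\ufeff":
                continue
            kind = SUSPECT_CATEGORIES.get(unicodedata.category(ch))
            if kind:
                findings.append((lineno, col, f"U+{ord(ch):04X}", kind))
    return findings


def summarize_runs(findings):
    """Collapse adjacent findings on one line into (line, start_col, length, kind).

    A payload smuggled in PUA characters appears as one long run, whereas a
    single isolated character is far more likely to be an encoding accident.
    """
    runs = []
    for line, col, _codepoint, kind in findings:
        if runs:
            r_line, r_start, r_len, r_kind = runs[-1]
            if r_line == line and r_kind == kind and r_start + r_len == col:
                runs[-1] = (r_line, r_start, r_len + 1, r_kind)
                continue
        runs.append((line, col, 1, kind))
    return runs


def scan_text(text):
    """Convenience wrapper: runs of suspect characters in one file's text."""
    return summarize_runs(find_hidden_chars(text))


def scan_path(root, suffixes=(".js", ".mjs", ".ts", ".py", ".json")):
    """Walk a file or directory tree and yield (path, runs) for files with hits.

    Undecodable bytes are replaced with U+FFFD, which is not a suspect category,
    so binary noise does not produce false positives.
    """
    root = Path(root)
    candidates = [root] if root.is_file() else root.rglob("*")
    for path in candidates:
        if path.is_file() and path.suffix in suffixes:
            runs = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if runs:
                yield path, runs


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        print("no paths given; scanning the constructed sample instead")
        for line, col, length, kind in scan_text(SAMPLE_EXTENSION_JS):
            print(f"sample:{line}:{col}: run of {length} {kind} char(s)")
    for target in targets:
        for path, runs in scan_path(target):
            for line, col, length, kind in runs:
                print(f"{path}:{line}:{col}: run of {length} {kind} char(s)")
```

Run it with the directory where an editor keeps its extensions, or a freshly installed node_modules tree, as the argument; with no argument it scans the embedded sample and reports the five-character private-use run on line 4 and the single zero-width space on line 5. The run length is the useful signal for triage: a handful of private-use characters in a font or emoji-related file can be legitimate, while hundreds of them inside a JavaScript statement warrant a closer look.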
The bigger issue is structural. Package managers like npm and extension marketplaces rely on a trust model: they assume that reputable developers and community reviewers will catch problems. As this incident shows, sophisticated attackers can work around that. Stricter validation processes for extensions, better automated scanning, and tighter controls on package publishing would all help—though they'd also slow down development workflows, which creates a real tension.
Looking Forward
CrowdStrike's successful coordination to dismantle Glassworm is encouraging. It shows that when security vendors, platform providers, and the broader research community work together, they can respond to serious threats. The botnet itself is gone—but the techniques it used will likely reappear in future campaigns. As developer toolchains become increasingly attractive targets for sophisticated attackers, the security model for how software is built needs to keep evolving.