CrowdStrike and Google dismantle Glassworm botnet that targeted crypto wallet credentials through open source supply chains
CrowdStrike and Google have successfully dismantled the Glassworm botnet, which targeted cryptocurrency wallet credentials through compromised open source software. The operation disrupted all of the botnet's command-and-control channels, effectively cutting off the operators from their infected systems. Glassworm had been active for approximately 18 months, compromising over 300 packages and focusing on 49 types of wallet extensions.
- The Glassworm botnet compromised over 300 open source packages and targeted 49 types of cryptocurrency wallet extensions.
- The takedown operation was executed on May 26, disrupting all four of the botnet's command-and-control channels.
- Operators of the botnet were likely based in Russia and had built a resilient, multi-layered system for their operations.
Opening excerpt (first ~120 words):
The sophisticated botnet compromised over 300 open source packages and targeted 49 types of cryptocurrency wallet extensions, using Solana blockchain memos as a command-and-control channel. By Editorial Team, May 27, 2026. A coordinated operation…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Crypto Briefing.