Skip to main content
RuntimeRebel
← All Articles

Tag

#GlassWorm

10 articles

Advertisement

GlassWorm Malware Takedown: Disruption of Developer Supply Chain C2
HIGH
Supply Chain

GlassWorm Malware Takedown: Disruption of Developer Supply Chain C2

CrowdStrike, Google, and Shadowserver disrupt the GlassWorm malware C2 infrastructure, halting a persistent developer-focused supply chain attack campaign.

Runtime Rebel Intel
3 min read·May 27, 2026
GlassWorm Campaign Leverages Malicious VS Code Extensions
HIGH
Supply Chain

GlassWorm Campaign Leverages Malicious VS Code Extensions

Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.

Runtime Rebel Intel
5 min read·Apr 28, 2026
SU
HIGH
Supply Chain

GlassWorm Malware: Cloned Open VSX Extensions Target Developers

Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.

Runtime Rebel Intel
3 min read·Apr 28, 2026
MA
HIGH
Malware

GlassWorm Malware Resurfaces via 73 OpenVSX Sleeper Extensions

A new GlassWorm campaign exploits the OpenVSX ecosystem with 73 'sleeper' extensions, posing a significant supply chain threat to developers.

Runtime Rebel Intel
4 min read·Apr 28, 2026
GlassWorm Campaign: Zig Dropper Infects Developer IDEs via Open VSX
HIGH
Supply Chain

GlassWorm Campaign: Zig Dropper Infects Developer IDEs via Open VSX

The GlassWorm campaign exploits the Open VSX registry with a malicious Zig-based dropper, impersonating WakaTime to compromise multiple developer IDEs.

Runtime Rebel Intel
4 min read·Apr 10, 2026
GlassWorm Malware Uses Solana Dead Drops for Stealthy C2 Delivery
HIGH
Malware

GlassWorm Malware Uses Solana Dead Drops for Stealthy C2 Delivery

GlassWorm evolves to use Solana blockchain metadata for C2 infrastructure, deploying a RAT and a malicious Google Docs Chrome extension to steal crypto data.

Runtime Rebel Intel
3 min read·Mar 25, 2026
GlassWorm Malware: Detecting Obfuscated Payloads in Browser Extensions
MEDIUM
Malware

GlassWorm Malware: Detecting Obfuscated Payloads in Browser Extensions

Technical analysis of GlassWorm (ChromeLoader) evolution, detailing how the malware hides malicious JavaScript within legitimate browser extension dependencies.

Runtime Rebel Intel
4 min read·Mar 17, 2026
GlassWorm: Stolen GitHub Tokens Fuel Python Malware Injection
HIGH
Supply Chain

GlassWorm: Stolen GitHub Tokens Fuel Python Malware Injection

The GlassWorm campaign uses stolen GitHub tokens to inject malicious code into Python repositories, including Django and machine learning projects.

Runtime Rebel Intel
3 min read·Mar 16, 2026
SU
HIGH
Supply Chain

ForceMemo: Credential Theft Compromises Python Repositories

Researchers reveal ForceMemo, a campaign exploiting credentials stolen via GlassWorm to compromise hundreds of GitHub accounts and Python repositories.

Runtime Rebel Intel
3 min read·Mar 16, 2026
GlassWorm Abuses Open VSX Registry in Supply-Chain Attack
HIGH
Supply Chain

GlassWorm Abuses Open VSX Registry in Supply-Chain Attack

The GlassWorm campaign exploits transitive dependencies in 72 Open VSX extensions to deliver malicious loaders into developer environments.

Runtime Rebel Intel
3 min read·Mar 14, 2026