What is the story about?
CrowdStrike, working in coordination with Google and the Shadowserver Foundation, successfully took down a botnet used by cybercriminals to distribute malware and steal passwords from open-source software developers.
The operation disrupted the activities of the cybercriminal group behind the Glassworm botnet. According to CrowdStrike, the group had been targeting the broader open-source software supply chain for the past two years.
In recent months, several hacking groups have targeted developers and open-source projects to distribute malicious software to companies and organisations that rely on such tools. Reports surrounding the takedown revealed that the Glassworm hackers used multiple strategies to spread malicious code on marketplaces frequently used by developers, including malvertising campaigns.
These platforms were exploited through sponsored search results designed to trick victims into downloading malware and exposing their credentials. CrowdStrike said the hackers managed to poison more than 300 GitHub code repositories.
CrowdStrike was able to significantly reduce the hackers’ access to infected systems after taking down four command-and-control channels used by the Glassworm group. The disruption cut off access to compromised computers and prevented the attackers from distributing additional malware.
CrowdStrike worked in a coordinated effort with Google and the Shadowserver Foundation to target Glassworm, which the company claims was based in Russia. In many cases, the malicious code was introduced through compromised npm and Python packages, as well as trojanised VS Code extensions published on the Open VSX marketplace.










