CrowdStrike, Google shatter Glassworm botnet
ID: 9926192d-61dd-5cb5-b23d-a34ba30f56c4
STIX ID: report--9926192d-61dd-5cb5-b23d-a34ba30f56c4
Feed Name: The Register (Security)
CrowdStrike, with Google and Shadowserver, disrupted the Glassworm botnet — a cross-platform, self‑propagating worm that stole credentials, spread via poisoned developer packages and GitHub repos, and used resilient C2 channels (Solana memo fields, Google Calendar events, BitTorrent DHT, and VPS hosts). The takedown severed four C2 channels and CrowdStrike redirected infected hosts to a benign IP (164.92.88.210); organizations are urged to search logs and telemetry for that IP and related indicators.
