How cybersecurity firms took down Glassworm botnet in one shot
ID: 3f9bb5f3-fb27-5bb0-b0ce-b67376b0ca3f
STIX ID: report--3f9bb5f3-fb27-5bb0-b0ce-b67376b0ca3f
Feed Name: Security Affairs
CrowdStrike, Google, and Shadowserver coordinated a simultaneous takedown of the Glassworm botnet's four C2 channels. Glassworm was a year-long, developer-focused supply-chain campaign that trojanized VS Code/OpenVSX extensions, npm/PyPI packages, and GitHub repositories to deploy GlasswormRAT, steal credentials, provide proxy/VNC access, and drain cryptocurrency wallets. It hid its C2 behind resilient resolution layers (Solana memo fields, the BitTorrent DHT, and Google Calendar). The takedown redirected infected hosts to a benign IP (164.92.88.210) and published YARA rules, but the report warns that the underlying supply-chain exposure remains a high-risk problem.
