MLXIO
Cybersecurity · May 28, 2026 · 6 min read · By MLXIO Insights Team

300 Poisoned GitHub Repos Expose Glassworm Botnet Threat


MLXIO Intelligence: Analysis Snapshot

MLXIO Impact: 59 (Moderate)
Confidence: Low · Trend: 10 · Freshness: 100 · Source Trust: 85 · Factual Grounding: 91 · Signal Cluster: 40

Moderate MLXIO Impact based on trend velocity, freshness, source trust, and factual grounding.

Thesis (High Confidence)

Glassworm’s disruption cuts active command channels, but the larger risk is already-poisoned open source code and compromised developer access embedded across GitHub workflows.

Evidence

  • CrowdStrike, Google, and Shadowserver disrupted Glassworm, a botnet used to steal passwords and push malicious code at open source developers.
  • CrowdStrike said the campaign targeted the open source software supply chain for two years and poisoned more than 300 GitHub repositories.
  • CrowdStrike said it took down four command-and-control channels using Solana, BitTorrent, Google Calendar, and virtual private servers.
  • The operators used malicious developer extensions, malvertising, and previously stolen credentials to hijack developer accounts and plant malware.

Uncertainty

  • The legal or technical authority behind the takedown remains unclear.
  • TechCrunch framed attribution cautiously, while Cybersecurity Dive reported the operators were likely based in Russia.
  • The article does not establish how many downstream organizations or users were affected by poisoned repositories.

What To Watch

  • Whether GitHub repositories linked to Glassworm are removed, cleaned, or found in downstream dependency chains.
  • Any signs that Glassworm operators reconstitute command-and-control through alternate infrastructure.
  • Further disclosures from CrowdStrike, Google, Shadowserver, or affected developer platforms on scope and remediation.

Verified Claims

CrowdStrike, working with Google and Shadowserver, disrupted the Glassworm botnet.
📎 The article says CrowdStrike, Google, and Shadowserver disrupted the Glassworm botnet. (Confidence: High)

Glassworm targeted the broader open source software supply chain for two years.
📎 CrowdStrike said the campaign has targeted the broader open source software supply chain for two years. (Confidence: High)

Glassworm poisoned more than 300 GitHub code repositories.
📎 CrowdStrike said the campaign poisoned more than 300 GitHub code repositories. (Confidence: High)

Glassworm used malicious developer extensions, malvertising, and previously stolen credentials to compromise developer accounts and plant malware in code.
📎 CrowdStrike said the operators used malicious developer extensions, malvertising, and credentials stolen in earlier hacks. (Confidence: High)

CrowdStrike said it took down four Glassworm command-and-control channels using the Solana blockchain, BitTorrent, Google Calendar, and virtual private servers.
📎 The article lists the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual private servers as the four command channels. (Confidence: High)

Frequently Asked

What was the Glassworm botnet used for?

Glassworm was used to steal passwords, push malicious code at open source software developers, and poison GitHub repositories.

How many GitHub repositories did Glassworm poison?

CrowdStrike said Glassworm poisoned more than 300 GitHub code repositories.

How did Glassworm infect or compromise developers?

According to CrowdStrike, Glassworm used malicious developer extensions, malvertising, and credentials stolen in earlier hacks to hijack developer accounts and plant malware in code.

What command-and-control channels did Glassworm use?

CrowdStrike said Glassworm used Solana blockchain, BitTorrent peer-to-peer networking, Google Calendar, and virtual private servers as command-and-control channels.

Why are compromised developers a supply chain risk?

CrowdStrike warned that compromising one developer workstation can cascade into a supply-chain compromise affecting thousands of downstream organizations and users.

Updated on May 28, 2026

If CrowdStrike and Google cut off Glassworm’s command channels, how much poisoned open source code is already sitting inside developer workflows?

CrowdStrike, working with Google and Shadowserver, disrupted the Glassworm botnet, a malware operation used to steal passwords and push malicious code at open source software developers, according to TechCrunch. CrowdStrike said the campaign has targeted the broader open source software supply chain for two years and poisoned more than 300 GitHub code repositories.

“Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.”

How did Glassworm turn developer trust into attack infrastructure?

Glassworm did not rely on one path into developer systems. CrowdStrike said the operators used malicious developer extensions, malvertising, and credentials stolen in earlier hacks to hijack developer accounts and plant malware in code.

That mix matters because it targets the places developers already trust. A sponsored search result can point to malware. A developer marketplace can host a malicious extension. A previously stolen password can reopen a legitimate account and make poisoned code look routine.

CrowdStrike said it took down four command-and-control channels used by Glassworm. That move cut the operators’ access to infected machines and stopped them from delivering more malware, according to the company.

The botnet’s command setup was unusually spread out. CrowdStrike said the channels relied on:

  • Solana blockchain: used as part of the botnet’s command-and-control architecture.
  • BitTorrent peer-to-peer network: another route for command distribution.
  • Google Calendar: a legitimate Google service abused by the operators.
  • Virtual private servers: conventional infrastructure supporting the operation.

That combination suggests Glassworm was built to survive simple takedown efforts. If one channel went down, others could keep infected systems reachable. CrowdStrike, Google, and Shadowserver moved against all four at once.

Cybersecurity Dive reported that CrowdStrike led the coordinated disruption on May 26, 2026, and said Glassworm’s operators were likely based in Russia. TechCrunch’s report, however, is more cautious on attribution and refers only to the cybercriminals behind the botnet. The legal or technical authority behind the takedown remains unclear; CrowdStrike spokesperson Kirsten Speas declined to comment to TechCrunch beyond the company’s blog.


Why are open source developers now the shortest path into companies?

The Glassworm campaign shows the logic behind modern software supply chain attacks: compromise the developer, then let trusted code distribution do the rest.

A developer workstation can hold credentials, access to source repositories, package publishing rights, build systems, and cloud tooling. CrowdStrike’s warning is direct: one compromised workstation can become a route into many downstream organizations and users.

That is why the 300-plus poisoned GitHub repositories are the core number in this case. Glassworm was not just trying to infect isolated endpoints. It was trying to move through the trust companies place in open source code, maintainers, and developer platforms.

The attackers also used stolen credentials from prior hacks. That detail raises the risk for organizations that treat credential rotation as a post-incident cleanup task rather than a standing control. If old credentials still work, attackers do not need an exploit. They can log in.

The use of malvertising adds another pressure point. Developers searching for tools, extensions, packages, or fixes may land on sponsored results that look credible enough to click. MLXIO has tracked that same ad-driven attack surface in other contexts, including “Fake Uniswap Google Ads Drain $400K in Wallet Trap,” though the Glassworm reporting concerns open source developers rather than crypto wallets.

For Google, the case is also awkward in a narrower way. One Glassworm command channel used Google Calendar, according to CrowdStrike. That does not mean Google Calendar was compromised. It means attackers abused a legitimate service as infrastructure. MLXIO has covered separate Google security scrutiny in “Shadow AI Puts Google Cloud AI Security on Trial,” but the common thread here is not one product flaw. It is the difficulty of spotting hostile behavior when attackers hide inside normal developer and cloud workflows.

Which systems should security teams inspect before the next Glassworm wave?

The immediate response is not just “remove the malware.” Organizations that rely on open source packages should assume the blast radius may include developer endpoints, package dependencies, commit history, and credentials tied to build or publishing systems.

CrowdStrike said the takedown stopped Glassworm from delivering more malware through the disrupted channels. That is not the same as proving every infected machine is clean or every poisoned repository has been fixed.

Security teams should prioritize checks that match the campaign’s tactics:

  • Developer endpoints: Scan machines used for coding, package publishing, and repository administration.
  • Credentials: Rotate developer passwords and review credentials reused across repositories, package registries, and internal systems.
  • Account activity: Look for suspicious logins tied to developer accounts, especially where credentials may have been stolen in earlier incidents.
  • Repository history: Review recent commits, releases, and dependency changes in projects tied to affected developers.
  • Package pipelines: Inspect build, publish, and CI/CD activity for unexpected changes or payloads.
  • Marketplace exposure: Audit installed developer extensions, especially those sourced from marketplaces where malicious extensions may have appeared.

Those steps are analysis based on the tactics CrowdStrike described. The public reporting does not include a full list of affected projects, a confirmed number of infected developers, or evidence that specific companies were breached through downstream use of poisoned code.
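One way to act on the “Repository history” and “Package pipelines” checks above is to triage recent commits for the signals the campaign makes relevant: an author outside the maintainer allowlist, a missing signature, and changes to build or dependency files. The script below is an added example for this article, not CrowdStrike’s or any project’s code; the commit records and maintainer list are constructed, and the sensitive-file patterns are an assumed starting set you would adapt to your own repositories.

```python
"""Triage recent commits for the signals a hijacked developer account leaves behind.

Constructed example: the commits below are made up, not real Glassworm data.
Assumes commit metadata has already been exported from `git log` (including
`--show-signature` and `--name-only`) into the Commit records used here.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Assumed starting set: files whose change alters what gets built or shipped.
SENSITIVE_PATTERNS = (
    ".github/workflows/*", "package.json", "package-lock.json",
    "pyproject.toml", "requirements*.txt", "Cargo.toml", "setup.py",
)

@dataclass
class Commit:
    sha: str
    author_email: str
    signed: bool                 # True if the commit carries a valid signature
    files: list = field(default_factory=list)

def review_commit(commit, maintainers):
    """Return the review findings for one commit (empty list = nothing notable)."""
    findings = []
    sensitive = [f for f in commit.files
                 if any(fnmatch(f, p) for p in SENSITIVE_PATTERNS)]
    if commit.author_email not in maintainers:
        findings.append("author not in maintainer allowlist")
    if not commit.signed:
        findings.append("commit not signed")
    if sensitive:
        findings.append("touches build/dependency files: " + ", ".join(sensitive))
    # A hijacked but legitimate account passes the author check, so the combined
    # signal (unsigned commit that changes pipeline files) is what gets escalated.
    if not commit.signed and sensitive:
        findings.append("PRIORITY: unsigned change to pipeline files")
    return findings

def triage(commits, maintainers):
    """Map sha -> findings, keeping only commits that need a human look."""
    return {c.sha: f for c in commits if (f := review_commit(c, maintainers))}

# Constructed sample: one routine commit, one hijacked-looking commit, one outsider.
MAINTAINERS = {"alice@example.org", "bob@example.org"}
SAMPLE = [
    Commit("a1b2c3", "alice@example.org", True, ["src/parser.py", "tests/test_parser.py"]),
    Commit("d4e5f6", "bob@example.org", False, [".github/workflows/release.yml", "package.json"]),
    Commit("0789ab", "mallory@example.net", True, ["README.md"]),
]

if __name__ == "__main__":
    for sha, findings in triage(SAMPLE, MAINTAINERS).items():
        print(sha, "->", "; ".join(findings))
```

Findings are a prompt for review, not proof of compromise: a maintainer can legitimately push an unsigned workflow change, which is exactly why the check pairs it with who pushed and what was touched.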

Recent incidents show the pattern is not isolated. TechCrunch reported that last week hackers compromised several open source projects in a separate campaign called “Mini Shai-Hulud,” and that at least two OpenAI developers were compromised. In March, a suspected North Korean hacker hijacked Axios, a popular open source software development tool used by millions of developers.

Which Glassworm answers will take months to surface?

The takedown answers the infrastructure question. It does not settle the exposure question.

The biggest unknown is whether poisoned repositories led to successful intrusions at companies that pulled or ran the affected code. Public reports also do not yet say how many developer machines were infected, how long individual accounts were controlled, or whether stolen credentials were used beyond the open source projects already identified.

Glassworm’s operators may also try to rebuild. CrowdStrike said the disruption cut access to infected computers and stopped more malware delivery through the targeted channels. A botnet operator with stolen credentials, infected hosts, or working social-engineering paths may still have material to work with.

The next useful signals will be concrete: affected package lists, indicators of compromise, repository names, remediation guidance, and any confirmation of downstream corporate breaches. Until then, the practical stance is narrow but urgent: treat developer identity, endpoints, and publishing rights as production infrastructure, not as background IT.

Impact Analysis

  • Glassworm shows how compromising developers can spread malware through trusted open source workflows.
  • More than 300 GitHub repositories were reportedly poisoned, creating downstream risk for organizations that reuse code.
  • Disrupting four command-and-control channels limits the botnet, but already-compromised code and credentials may remain a threat.

Glassworm's Reported GitHub Impact (chart): poisoned GitHub repositories: 300

Written by

MLXIO Insights Team

