S9010: GlassWorm
GlassWorm is a worm that propagated through supply chain attacks by compromising repository credentials from victim environments and having malicious payloads added to those compromised accounts for distribution to victims across the various development ecosystems.[1][2][3] GlassWorm has numerous variants, including Rust binaries, encrypted JavaScript and a variant leveraging invisible Unicode characters that made reverse engineering difficult.[4][1][5] GlassWorm has employed a unique command and control (C2) methodology using Solana blockchain.[6][1] GlassWorm was first reported in October 2025.[6][1][3]
Analyst context for executives and security teams
GlassWorm matters because it targets the software delivery chain rather than only individual endpoints. The supplied ATT&CK entry describes a worm that spread by compromising repository credentials and adding malicious payloads for distribution across development ecosystems, with variants using Rust binaries, encrypted JavaScript, invisible Unicode, and Solana blockchain-based C2. For leaders, this makes GlassWorm a risk to developer trust, release integrity, and incident scoping, especially where repository credentials, extensions, packages, and developer workstations are not monitored together.
Executive priority
Prioritize GlassWorm as a software supply chain and identity-control validation case. Key executive questions are: which repository credentials and tokens can publish code or packages; whether changes to dependencies, extensions, and repositories are auditable; whether macOS and Windows developer endpoints have sufficient telemetry; and whether incident response can quickly revoke credentials, validate source integrity, and determine downstream distribution exposure. This is also useful compliance evidence for access control, change management, logging, and secure development lifecycle controls.
Technical view
The object has no ATT&CK tactics specified and no official detection text, but its relationships indicate behavior spanning supply chain initial access, script execution, persistence, discovery, collection, credential access, stealth/obfuscation, and command-and-control. SOC and IR teams should validate coverage around compromised repository credentials, malicious dependency or development-tool updates, JavaScript and AppleScript execution, encrypted or encoded files, invisible Unicode in source or package content, macOS Launch Agents, Windows Run Keys or Startup Folder entries, local data staging, browser/session-cookie access, code repository and database collection, HTTP/S C2, fallback channels, dead-drop resolver behavior, internal proxying, and ingress tool transfer. Treat developer workstations, repository SaaS logs, package or extension publishing workflows, and outbound network telemetry as a combined detection surface rather than separate control domains.
Likely telemetry
- Code repository audit logs: authentication events, token use, credential changes, publishing activity, commits, package or extension updates, and anomalous access to private repositories.
- Developer endpoint telemetry on macOS and Windows: process creation, script interpreter activity, file writes, persistence locations, and security tool events.
- macOS-specific telemetry: osascript or AppleScript execution and Launch Agent plist creation or modification.
- Windows-specific telemetry: Registry Run Key changes, Startup Folder writes, script execution, and process ancestry for unexpected JavaScript/JScript activity.
- Source, package, and artifact scanning results for encrypted or encoded content, invisible or non-printing Unicode characters, masqueraded files, and unexpected Rust binaries or JavaScript payloads.
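The telemetry sources above only pay off when they are joined. The following script is an added example (not part of the Glexia page or the ATT&CK object) of the kind of correlation a SOC could run: for each publish event in a repository audit log, it looks back at the developer host that holds the publishing token and flags the publish when that host showed a persistence write or repeated script-interpreter activity in the preceding hour. The token inventory, log records and field names are all constructed and hypothetical, not any vendor's schema.

```python
"""Correlate repository audit events with developer-endpoint telemetry.

Added example, not from the ATT&CK page or Glexia. All records, field names and
the token-to-host inventory below are constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed inventory: which developer host holds which publishing token.
TOKEN_HOLDERS = {"tok_a1": "dev-mac-01", "tok_b2": "dev-win-07"}

# Constructed repository audit log (hypothetical field names).
REPO_AUDIT = [
    {"ts": "2026-01-15T10:02:00Z", "actor": "alice", "token": "tok_a1",
     "action": "package.publish", "target": "acme-utils@1.4.2"},
    {"ts": "2026-01-15T14:30:00Z", "actor": "bob", "token": "tok_b2",
     "action": "package.publish", "target": "acme-cli@2.0.0"},
]

# Constructed endpoint telemetry (hypothetical field names).
ENDPOINT_EVENTS = [
    {"ts": "2026-01-15T09:40:00Z", "host": "dev-mac-01", "type": "process",
     "image": "/usr/bin/osascript", "cmdline": "osascript -e 'do shell script ...'"},
    {"ts": "2026-01-15T09:45:00Z", "host": "dev-mac-01", "type": "file_write",
     "path": "/Users/alice/Library/LaunchAgents/com.update.helper.plist"},
    {"ts": "2026-01-15T14:00:00Z", "host": "dev-win-07", "type": "process",
     "image": "C:\\Program Files\\nodejs\\node.exe", "cmdline": "node build.js"},
]

# Strong indicators: writes to persistence locations (Launch Agents, Run keys,
# Startup folder). Weak indicators: script interpreters that are routine in
# engineering work and only count when they repeat.
PERSISTENCE_MARKERS = ("/Library/LaunchAgents/", "\\CurrentVersion\\Run",
                       "\\Start Menu\\Programs\\Startup\\")
SCRIPT_INTERPRETERS = ("osascript", "node", "wscript", "cscript", "powershell")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def classify(event):
    """Return 'strong', 'weak' or None for one endpoint event."""
    if event["type"] == "file_write" and any(m in event["path"] for m in PERSISTENCE_MARKERS):
        return "strong"
    if event["type"] == "process":
        # Basename of the image, tolerant of both path separators.
        image = event["image"].rsplit("/", 1)[-1].rsplit("\\", 1)[-1].lower()
        if image.split(".")[0] in SCRIPT_INTERPRETERS:
            return "weak"
    return None


def correlate(repo_audit, endpoint_events, token_holders, window=timedelta(hours=1)):
    """Flag publish events whose token-holding host looked compromised beforehand."""
    alerts = []
    for ev in repo_audit:
        if ev["action"] != "package.publish":
            continue
        host = token_holders.get(ev["token"])
        if host is None:
            # A publishing token with no known holder is itself worth a ticket.
            alerts.append({"target": ev["target"], "host": None, "actor": ev["actor"],
                           "reason": "token not in inventory", "evidence": []})
            continue
        t_pub = parse_ts(ev["ts"])
        evidence = [e for e in endpoint_events
                    if e["host"] == host and t_pub - window <= parse_ts(e["ts"]) <= t_pub]
        strong = [e for e in evidence if classify(e) == "strong"]
        weak = [e for e in evidence if classify(e) == "weak"]
        if strong or len(weak) >= 2:
            alerts.append({"target": ev["target"], "host": host, "actor": ev["actor"],
                           "reason": "persistence" if strong else "repeated script interpreter use",
                           "evidence": strong + weak})
    return alerts


if __name__ == "__main__":
    for alert in correlate(REPO_AUDIT, ENDPOINT_EVENTS, TOKEN_HOLDERS):
        print(alert["target"], "published from", alert["host"], "->", alert["reason"])
```

On the constructed data only the `acme-utils@1.4.2` publish is flagged: the holding host wrote a LaunchAgent plist and ran osascript shortly before, while the single `node build.js` on the second host is treated as normal developer activity. Swap the constructed lists for real exports and adjust the window and interpreter list to the environment's baseline.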
Detection direction
- Because MITRE provides no official detection guidance for this object, start with control validation mapped to the related techniques rather than assuming existing malware signatures are sufficient.
- Correlate repository events with endpoint activity: suspicious publishing or commit activity should be reviewed alongside the developer host that held the credential or token.
- Tune for developer-environment false positives: JavaScript, AppleScript, Rust binaries, package publishing, and repository access can be normal in engineering workflows, so detections should emphasize unusual process lineage, new persistence, encoded content, invisible Unicode, unexpected destinations, and credential use outside normal patterns.
- Add review logic for invisible or non-printing Unicode in source code, package manifests, extensions, scripts, and build artifacts, since visual code review may miss this behavior.
- Validate macOS and Windows persistence monitoring separately: Launch Agents on macOS and Run Keys or Startup Folder entries on Windows represent different evidence paths.
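The review logic for invisible Unicode called for above can be automated. The scanner below is an added example (not code from Glexia, MITRE or any of the cited reports) that walks source text and reports runs of characters in the Unicode private-use category (the PUA range GlassWorm's invisible-code variant abused, T1027.018) and the format category (zero-width spaces and joiners, bidi overrides, tag characters, BOM). It treats any private-use character in source as suspicious and only long runs of format characters as suspicious, so a stray zero-width space or a leading BOM produces an informational hit rather than a block. The sample text is constructed.

```python
"""Find invisible Unicode (private-use and format characters) in source text.

Added example, not from the ATT&CK page or Glexia. The sample text is constructed.
"""
import sys
import unicodedata
from dataclasses import dataclass


@dataclass
class Run:
    line: int      # 1-based line number
    col: int       # 1-based column of the first hidden character
    length: int    # consecutive hidden characters
    kinds: set     # unicodedata categories seen: 'Co' (private use), 'Cf' (format)
    sample: str    # code points of the first few characters in the run


def is_hidden(ch: str) -> bool:
    # 'Co' = private use area (does not render in editors), 'Cf' = format
    # characters (zero-width, bidi controls, Unicode tags, BOM).
    return unicodedata.category(ch) in ("Co", "Cf")


def find_runs(text: str):
    """Return every maximal run of hidden characters, per line."""
    runs = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        i = 0
        while i < len(line):
            if not is_hidden(line[i]):
                i += 1
                continue
            j, kinds = i, set()
            while j < len(line) and is_hidden(line[j]):
                kinds.add(unicodedata.category(line[j]))
                j += 1
            sample = " ".join(f"U+{ord(c):04X}" for c in line[i:min(j, i + 4)])
            runs.append(Run(lineno, i + 1, j - i, kinds, sample))
            i = j
    return runs


def assess(text: str, run_threshold: int = 8) -> dict:
    """Classify runs: any private-use character, or a long format run, is suspicious."""
    findings = []
    for r in find_runs(text):
        if "Co" in r.kinds:
            level = "suspicious:private-use"
        elif r.length >= run_threshold:
            level = "suspicious:long-format-run"
        else:
            level = "info:format-char"
        findings.append((level, r))
    return {"suspicious": any(f[0].startswith("suspicious") for f in findings),
            "findings": findings}


def scan_file(path: str) -> dict:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return assess(fh.read())


# Constructed sample: one zero-width space after a statement (informational) and
# twelve private-use characters hidden inside a function body (suspicious).
SAMPLE = ("const cfg = 1;\u200b\n"
          "function run() {" + "\ue001\ue002\ue003" * 4 + "}\n"
          "module.exports = run;\n")


if __name__ == "__main__":
    paths = sys.argv[1:]
    results = {p: scan_file(p) for p in paths} if paths else {"<sample>": assess(SAMPLE)}
    for path, res in results.items():
        for level, r in res["findings"]:
            print(f"{path}:{r.line}:{r.col} {level} len={r.length} {r.sample}")
```

Run it with file paths as arguments, or with none to see the constructed sample. A pre-commit hook or CI step that fails the build on any `suspicious:*` finding covers source, manifests and extension bundles alike; the threshold for format runs is the tuning knob for environments that legitimately contain such characters in string literals or localisation files.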
Mitigation priorities
- Harden repository identity first: enforce least privilege for publishing rights, strong authentication, scoped and short-lived tokens where feasible, rapid token revocation, and review of dormant or over-privileged developer accounts.
- Protect the software delivery path: require review and provenance checks for dependency, extension, package, and build artifact changes; monitor for unexpected maintainership or publishing changes.
- Improve secure code and artifact review for obfuscation indicators, including encrypted or encoded payloads and invisible Unicode characters.
- Strengthen developer endpoint controls on macOS and Windows, including monitoring and restriction of unauthorized persistence mechanisms, script execution abuse, and unexpected tool downloads.
- Prepare IR playbooks for supply chain compromise: revoke repository credentials, preserve audit logs, validate affected commits/packages/extensions, identify downstream distribution, and coordinate rollback or notification decisions.
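The macOS persistence monitoring recommended above can start with a simple plist triage. The script below is an added example (not from Glexia, MITRE or the cited reports) that parses LaunchAgent plists with the standard library and scores each one on indicators that recur in malicious agents: an interpreter launched with inline code, a program under a temp or hidden directory, RunAtLoad combined with KeepAlive, and an Apple-looking label pointing at a non-system binary. The two embedded plists are constructed; the scoring heuristics and reason names are assumptions, not a vendor or MITRE rule set.

```python
"""Triage macOS LaunchAgent plists for persistence indicators (T1543.001).

Added example, not from the ATT&CK page or Glexia. The sample plists are
constructed and the scoring heuristics are assumptions for illustration.
"""
import os
import plistlib
import re

INTERPRETERS = {"bash", "sh", "zsh", "osascript", "node", "python", "python3", "perl", "ruby"}
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/")
SYSTEM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/")
LAUNCH_AGENT_DIRS = ["/Library/LaunchAgents", os.path.expanduser("~/Library/LaunchAgents")]


def program_of(plist: dict):
    """Resolve the executable and full argument vector from Program/ProgramArguments."""
    args = list(plist.get("ProgramArguments") or [])
    prog = plist.get("Program") or (args[0] if args else "")
    return prog, args


def triage_plist(data: bytes) -> dict:
    """Score one plist; each matched indicator adds a named reason."""
    plist = plistlib.loads(data)
    prog, args = program_of(plist)
    label = plist.get("Label", "")
    joined = " ".join([prog] + args)
    reasons = []
    if os.path.basename(prog) in INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
        reasons.append("interpreter-with-inline-code")
    if any(d in joined for d in TEMP_DIRS):
        reasons.append("program-in-temp-dir")
    if re.search(r"/\.[^/ ]+/", joined):          # a hidden directory component
        reasons.append("hidden-directory")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("run-at-load-and-keepalive")
    if label.startswith("com.apple.") and not prog.startswith(SYSTEM_PREFIXES):
        reasons.append("apple-label-nonsystem-program")
    return {"label": label, "program": prog, "score": len(reasons), "reasons": reasons}


def triage_dirs(dirs=LAUNCH_AGENT_DIRS):
    """Triage every plist in the given LaunchAgent directories, highest score first."""
    results = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            path = os.path.join(d, name)
            if not name.endswith(".plist"):
                continue
            try:
                with open(path, "rb") as fh:
                    res = triage_plist(fh.read())
            except Exception as exc:              # unreadable or malformed plist
                res = {"label": "", "program": "", "score": 1, "reasons": [f"unparseable:{exc}"]}
            res["path"] = path
            results.append(res)
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample plists (hypothetical labels and paths).
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array><string>/Applications/Example.app/Contents/MacOS/Example</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.update.helper</string>
<key>ProgramArguments</key><array><string>/bin/bash</string><string>-c</string><string>/tmp/.cache/update</string></array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""


if __name__ == "__main__":
    for sample in (BENIGN_PLIST, SUSPICIOUS_PLIST):
        print(triage_plist(sample))
    for res in triage_dirs():
        print(res["score"], res["path"], res["reasons"])
```

Running it on a real host lists the agents in `/Library/LaunchAgents` and the user's `~/Library/LaunchAgents` sorted by score; a score of zero is not a clean bill, only an absence of these particular indicators, so pair it with file-creation telemetry on those directories rather than relying on periodic sweeps.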
Analyst notes and limits
This take is based only on the supplied ATT&CK software object, external references, and stated relationships. The strongest decision value is the intersection of software supply chain compromise, developer identity, endpoint persistence, obfuscated code, and C2 resilience. GlassWorm is officially listed for macOS and Windows in the supplied object; several related techniques include broader platforms, but those should be treated as technique context rather than confirmed GlassWorm platform scope.
The ATT&CK object provides no official detection text, no specified tactics on the software object, and no environment-specific indicators. The external references are listed but not expanded beyond the supplied descriptions. Local repository architecture, package ecosystems, developer endpoint baselines, token practices, and logging coverage are required to determine actual exposure and detection confidence.
GlassWorm
How security teams should use this page
Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.
Techniques used
This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.
| Domain | ID | Name | Relationship / procedure |
|---|---|---|---|
| Enterprise | T1213.006 | Databases | GlassWorm has collected data from macOS devices by gathering Apple Notes-related files, targeting `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite`, `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-wal`, and `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-shm`.[3] |
| Enterprise | T1571 | Non-Standard Port | GlassWorm has distributed C2 using BitTorrent's Distributed Hash Table (DHT) network to harness a decentralized command capability.[1] |
| Enterprise | T1480 | Execution Guardrails | GlassWorm has utilized logic to avoid executing on Russian-based devices.[3] |
| Enterprise | T1124 | System Time Discovery | GlassWorm has the ability to check the system's time zone on the victim device.[3] |
| Enterprise | T1560.001 | Archive via Utility | GlassWorm has archived collected files within a zip file prior to exfiltration, including `/tmp/out.zip`.[3] |
| Enterprise | T1071.001 | Web Protocols | GlassWorm has used HTTP for C2 and extracts data from the HTTP response headers.[1] |
| Enterprise | T1543.001 | Launch Agent | GlassWorm has established persistence on macOS via a LaunchAgent by writing a plist under `/library/LaunchAgents`.[4][3] |
| Enterprise | T1090.001 | Internal Proxy | GlassWorm has leveraged peer-to-peer software, including WebRTC, to facilitate communications within the victim network.[1] GlassWorm has also established a SOCKS proxy to interact with victim devices, which also acted as proxy nodes for follow-on behaviors.[1] |
| Enterprise | T1602.002 | Network Device Configuration Dump | GlassWorm has gathered data pertaining to VPN configurations.[4][3] GlassWorm has also targeted locally stored data on macOS located in `/Library/Application Support/Fortinet/FortiClient/conf/vpn.plist`.[3] |
| Enterprise | T1555.001 | Keychain | GlassWorm has collected keys stored within `/Library/Keychains/login.keychain-db`.[4][3] |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | |
| Enterprise | T1678 | Delay Execution | GlassWorm has used a timeout function set to `9e5`, which delays execution by 900,000 milliseconds (15 minutes) to avoid detection.[4] |
| Enterprise | T1539 | Steal Web Session Cookie | GlassWorm has harvested Safari cookies stored within `/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies`.[3] GlassWorm has also stolen cookies from Chromium and Firefox browsers.[4][3] |
| Enterprise | T1102.001 | Dead Drop Resolver | GlassWorm has leveraged blockchain-based C2 infrastructure, including the Solana blockchain, with additional C2 details carried in the memo field.[4][6][1][2][3][5] GlassWorm has also leveraged Google Calendar to host encoded data.[1][3][5] |
| Enterprise | T1213.003 | Code Repositories | GlassWorm has gathered code repository authentication materials for NPM and GitHub.[4][1][3] GlassWorm has collected the `_authToken` value from npm configuration data.[1][3] |
| Enterprise | T1555.003 | Credentials from Web Browsers | GlassWorm has gathered credentials stored in Mozilla Firefox and Chromium-based browsers.[4][3] |
| Enterprise | T1005 | Data from Local System | GlassWorm has collected local data from a compromised host, including desktop cryptocurrency wallet data and documents from the Desktop, Documents, and Downloads folders.[3] |
| Enterprise | T1564.003 | Hidden Window | GlassWorm has leveraged Hidden Virtual Network Computing (HVNC) to remain undetected while executing collection and communication actions.[1] |
| Enterprise | T1027.013 | Encrypted/Encoded File | GlassWorm has leveraged AES-256-CBC encryption to obfuscate its malicious JavaScript payload.[4][1][3][5] GlassWorm has also utilized Base64 encoding to obfuscate the C2 details stored in the Solana memo field.[4][1][5] |
| Enterprise | T1657 | Financial Theft | GlassWorm has the ability to steal credentials for cryptocurrency wallets.[4][1][3] |
| Enterprise | T1036 | Masquerading | |
| Enterprise | T1195.001 | Compromise Software Dependencies and Development Tools | |
| Enterprise | T1074.001 | Local Data Staging | GlassWorm has staged collected data in a working directory within a temp folder, including `/tmp/ijewf`.[4][3] |
| Enterprise | T1547.001 | Registry Run Keys / Startup Folder | GlassWorm has set registry run keys for persistence in both `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and `HKLM\Software\Microsoft\Windows\CurrentVersion\Run\`.[1] |
| Enterprise | T1027.018 | Invisible Unicode | GlassWorm has utilized invisible Unicode Private Use Area (PUA) characters to obfuscate its malicious code so that it does not render in code editors.[4][1][2] |
| Enterprise | T1565.002 | Transmitted Data Manipulation | GlassWorm can intercept and modify transaction details associated with hardware wallet applications before signing.[4] |
| Enterprise | T1614 | System Location Discovery | GlassWorm has leveraged geofencing logic to detect whether it is operating in a Russian-associated time zone and to decide whether it continues to execute.[3] |
| Enterprise | T1059.002 | AppleScript | GlassWorm has utilized AppleScript, including `set keychainPassword to do shell script`, to execute a shell command that retrieves passwords from the macOS keychain.[4] |
| Enterprise | T1059.007 | JavaScript | GlassWorm has leveraged JavaScript to execute its malicious code, including its hidden Unicode characters, using the `eval` call.[6][1][2][3] GlassWorm has also utilized encrypted payloads compiled in JavaScript.[4] |
| Enterprise | T1614.001 | System Language Discovery | GlassWorm has identified the system language settings by checking for `ru_RU`, `ru-RU`, `ru`, and `Russian` to prevent execution on a Russian-associated device.[3] |
| Enterprise | T1217 | Browser Information Discovery | GlassWorm has searched browser data for cookies, history, login databases, and cryptocurrency wallets.[3] |
| Enterprise | T1008 | Fallback Channels | GlassWorm has utilized Google Calendar as backup C2.[1][5] |
| Enterprise | T1082 | System Information Discovery | GlassWorm has the ability to check the OS of the victim host.[3][5] GlassWorm has checked whether the OS platform value includes `darwin` prior to executing macOS-specific scripts.[3][5] |
| Enterprise | T1554 | Compromise Host Software Binary | GlassWorm can modify hardware wallet applications.[4] |
| Enterprise | T1518 | Software Discovery | GlassWorm has searched for existing wallet applications, including Ledger Live and Trezor Suite.[4] |
| Enterprise | T1105 | Ingress Tool Transfer | GlassWorm has downloaded additional payloads from C2.[4][6][3][5] |
All related ATT&CK context
Object version and sync metadata
The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE's own release notes and roadmap, see the ATT&CK resources Updates page.
Imported snapshots across ATT&CK releases (1)
| Release | Bundle imported | Object version | Modified | Status | Raw hash |
|---|---|---|---|---|---|
| 19.1 | | 1.0 | | Current bundle | b47c79ee8796… |
Mirrored ATT&CK source object
The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.
External references and citations
MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.
- [1] Koi Glassworm InvisibleCode October 2025: Idan Dardikman. (2025, October 18). GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace. Retrieved April 10, 2026.
- [2] Aikido GlassWorm October 2025: Ilyas Makari. (2025, October 31). The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties. Retrieved April 10, 2026.
- [3] Socket GlassWorm January 2026: Kirill Boychenko. (2026, January 31). GlassWorm Loader Hits Open VSX via Developer Account Compromise. Retrieved April 10, 2026.
- [4] Koi Glassworm New Tricks December 2025: Gal Hachamov. (2025, December 29). GlassWorm Goes Mac: Fresh Infrastructure, New Tricks. Retrieved April 10, 2026.
- [5] Koi GlassWorm Rust December 2025: Lotan Sery. (2025, December 10). GlassWorm Goes Native: Same Infrastructure, Hardened Delivery. Retrieved April 10, 2026.
- [6] Koi Glassworm Extensions November 2025: Idan Dardikman, Yuval Ronen, Lotan Sery. (2025, November 6). GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure. Retrieved April 10, 2026.
- [7] mitre-attack S9010
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.