Live Active security incident? Get immediate response
MITRE ATT&CK® Malware

S9010: GlassWorm

GlassWorm is a worm that propagated through supply chain attacks by compromising repository credentials from victim environments and having malicious payloads added to those compromised accounts for distribution to victims across the various development ecosystems.[1][2][3] GlassWorm has numerous variants, including Rust binaries, encrypted JavaScript and a variant leveraging invisible Unicode characters that made reverse engineering difficult.[4][1][5] GlassWorm has employed a unique command and control (C2) methodology using Solana blockchain.[6][1] GlassWorm was first reported in October 2025.[6][1][3]

EnterpriseS9010MalwareObject v1.0 Modified
Discuss defensive coverage Back to ATT&CK
Glexia's Take

Analyst context for executives and security teams

Analyst confidence High

GlassWorm matters because it targets the software delivery chain rather than only individual endpoints. The supplied ATT&CK entry describes a worm that spread by compromising repository credentials and adding malicious payloads for distribution across development ecosystems, with variants using Rust binaries, encrypted JavaScript, invisible Unicode, and Solana blockchain-based C2. For leaders, this makes GlassWorm a risk to developer trust, release integrity, and incident scoping, especially where repository credentials, extensions, packages, and developer workstations are not monitored together.

Executive priority

Prioritize GlassWorm as a software supply chain and identity-control validation case. Key executive questions are: which repository credentials and tokens can publish code or packages; whether changes to dependencies, extensions, and repositories are auditable; whether macOS and Windows developer endpoints have sufficient telemetry; and whether incident response can quickly revoke credentials, validate source integrity, and determine downstream distribution exposure. This is also useful compliance evidence for access control, change management, logging, and secure development lifecycle controls.

Technical view

The object has no ATT&CK tactics specified and no official detection text, but its relationships indicate behavior spanning supply chain initial access, script execution, persistence, discovery, collection, credential access, stealth/obfuscation, and command-and-control. SOC and IR teams should validate coverage around compromised repository credentials, malicious dependency or development-tool updates, JavaScript and AppleScript execution, encrypted or encoded files, invisible Unicode in source or package content, macOS Launch Agents, Windows Run Keys or Startup Folder entries, local data staging, browser/session-cookie access, code repository and database collection, HTTP/S C2, fallback channels, dead-drop resolver behavior, internal proxying, and ingress tool transfer. Treat developer workstations, repository SaaS logs, package or extension publishing workflows, and outbound network telemetry as a combined detection surface rather than separate control domains.

Likely telemetry

  • Code repository audit logs: authentication events, token use, credential changes, publishing activity, commits, package or extension updates, and anomalous access to private repositories.
  • Developer endpoint telemetry on macOS and Windows: process creation, script interpreter activity, file writes, persistence locations, and security tool events.
  • macOS-specific telemetry: osascript or AppleScript execution and Launch Agent plist creation or modification.
  • Windows-specific telemetry: Registry Run Key changes, Startup Folder writes, script execution, and process ancestry for unexpected JavaScript/JScript activity.
  • Source, package, and artifact scanning results for encrypted or encoded content, invisible or non-printing Unicode characters, masqueraded files, and unexpected Rust binaries or JavaScript payloads.

Detection direction

  • Because MITRE provides no official detection guidance for this object, start with control validation mapped to the related techniques rather than assuming existing malware signatures are sufficient.
  • Correlate repository events with endpoint activity: suspicious publishing or commit activity should be reviewed alongside the developer host that held the credential or token.
  • Tune for developer-environment false positives: JavaScript, AppleScript, Rust binaries, package publishing, and repository access can be normal in engineering workflows, so detections should emphasize unusual process lineage, new persistence, encoded content, invisible Unicode, unexpected destinations, and credential use outside normal patterns.
  • Add review logic for invisible or non-printing Unicode in source code, package manifests, extensions, scripts, and build artifacts, since visual code review may miss this behavior.
  • Validate macOS and Windows persistence monitoring separately: Launch Agents on macOS and Run Keys or Startup Folder entries on Windows represent different evidence paths.

Mitigation priorities

  • Harden repository identity first: enforce least privilege for publishing rights, strong authentication, scoped and short-lived tokens where feasible, rapid token revocation, and review of dormant or over-privileged developer accounts.
  • Protect the software delivery path: require review and provenance checks for dependency, extension, package, and build artifact changes; monitor for unexpected maintainership or publishing changes.
  • Improve secure code and artifact review for obfuscation indicators, including encrypted or encoded payloads and invisible Unicode characters.
  • Strengthen developer endpoint controls on macOS and Windows, including monitoring and restriction of unauthorized persistence mechanisms, script execution abuse, and unexpected tool downloads.
  • Prepare IR playbooks for supply chain compromise: revoke repository credentials, preserve audit logs, validate affected commits/packages/extensions, identify downstream distribution, and coordinate rollback or notification decisions.
Analyst notes and limits

This take is based only on the supplied ATT&CK software object, external references, and stated relationships. The strongest decision value is the intersection of software supply chain compromise, developer identity, endpoint persistence, obfuscated code, and C2 resilience. GlassWorm is officially listed for macOS and Windows in the supplied object; several related techniques include broader platforms, but those should be treated as technique context rather than confirmed GlassWorm platform scope.

The ATT&CK object provides no official detection text, no specified tactics on the software object, and no environment-specific indicators. The external references are listed but not expanded beyond the supplied descriptions. Local repository architecture, package ecosystems, developer endpoint baselines, token practices, and logging coverage are required to determine actual exposure and detection confidence.

Official MITRE ATT&CK definition

GlassWorm

GlassWorm is a worm that propagated through supply chain attacks by compromising repository credentials from victim environments and having malicious payloads added to those compromised accounts for distribution to victims across the various development ecosystems.[1][2][3] GlassWorm has numerous variants, including Rust binaries, encrypted JavaScript and a variant leveraging invisible Unicode characters that made reverse engineering difficult.[4][1][5] GlassWorm has employed a unique command and control (C2) methodology using Solana blockchain.[6][1] GlassWorm was first reported in October 2025.[6][1][3]

View the same entry on attack.mitre.org (MITRE-hosted reference; in-page links above use the Glexia ATT&CK library.)

Glexia analysis

How security teams should use this page

Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.

ATT&CK relationship table

Techniques used

This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.

36 rows
Domain ID Name Relationship / procedure
Enterprise T1213.006 Databases Sub-technique

GlassWorm has collected data from macOS devices through the gathering of Apple Notes related files by targeting `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite`, `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-wal`, and `/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-shm`.[3]
Enterprise T1571 Non-Standard Port

GlassWorm has distributed C2 using BitTorrent’s Distributed Hash Table (DHT) network to harness a decentralized command capability.[1]
Enterprise T1480 Execution Guardrails

GlassWorm has utilized logic to avoid executing on Russian based devices.[3]
Enterprise T1124 System Time Discovery

GlassWorm has the ability to check the system’s time zone on the victim device.[3]
Enterprise T1560.001 Archive via Utility Sub-technique

GlassWorm has archived collected files within a zip file prior to exfiltration to include `/tmp/out.zip`.[3]
Enterprise T1071.001 Web Protocols Sub-technique

GlassWorm has used HTTP for C2 and extracts data from the HTTP response headers.[1]
Enterprise T1543.001 Launch Agent Sub-technique

GlassWorm has established persistence on macOS via a LaunchAgent by writing a plist under `/library/LaunchAgents`.[4][3]
Enterprise T1090.001 Internal Proxy Sub-technique

GlassWorm has leveraged peer-to-peer software to facilitate communications within the victim network to include the software WebRTC.[1] GlassWorm has also established a SOCKS proxy to interact with victim devices that also acted as a proxy node for follow-on behaviors.[1]
Enterprise T1602.002 Network Device Configuration Dump Sub-technique

GlassWorm has gathered data pertaining to VPN configurations.[4][3] GlassWorm has also targeted locally stored data on macOS located in `/Library/Application Support/Fortinet/FortiClient/conf/vpn.plist`.[3]
Enterprise T1555.001 Keychain Sub-technique

GlassWorm has collected keys stored within `/Library/Keychains/login.keychain-db`.[4][3]
Enterprise T1140 Deobfuscate/Decode Files or Information

GlassWorm has decoded its Base64 instructions.[1] GlassWorm has also decrypted its AES protected payloads.[4][1][3]
Enterprise T1678 Delay Execution

GlassWorm has used a timeout function set to `9e5` which delays execution 900,000 milliseconds or 15 minutes to avoid detection.[4]
Enterprise T1539 Steal Web Session Cookie

GlassWorm has harvested Safari cookies stored within `/Library/Containers/com.apple.Safari/Data/Library/Cookies/ Cookies.binarycookies`.[3] GlassWorm has also stolen cookies within Chromium and Firefox browsers.[4][3]
Enterprise T1102.001 Dead Drop Resolver Sub-technique

GlassWorm has leveraged blockchain-based C2 infrastructure to include Solana blockchain that contains additional C2 details within the memo field.[4][6][1][2][3][5] GlassWorm has also leveraged Google Calendar to host encoded data.[1][3][5]
Enterprise T1213.003 Code Repositories Sub-technique

GlassWorm has gathered code repository authentication materials for NPM and GitHub.[4][1][3] GlassWorm has collected details pertaining to the npm configuration data for `_authToken`.[1][3]
Enterprise T1555.003 Credentials from Web Browsers Sub-technique

GlassWorm has gathered credentials stored in Mozilla FireFox and Chromium-based Browsers.[4][3]
Enterprise T1005 Data from Local System

GlassWorm has collected local data from a compromised host to include desktop cryptocurrency wallet data, and documents from within Desktop, Documents, and Downloads.[3]
Enterprise T1564.003 Hidden Window Sub-technique

GlassWorm has leveraged Hidden Virtual Network Computing (HVNC) to remain undetected and conduct execution of collection and communication actions.[1]
Enterprise T1027.013 Encrypted/Encoded File Sub-technique

GlassWorm has leveraged AES-256-CBC encryption to obfuscate its malicious JavaScript payload.[4][1][3][5] GlassWorm has also utilized Base64 encoding to obfuscate the C2 details stored in the Solana memo field.[4][1][5]
Enterprise T1657 Financial Theft

GlassWorm has the ability to steal credentials for cryptocurrency wallets.[4][1][3]
Enterprise T1036 Masquerading

GlassWorm has masqueraded as legitimate VSCode extensions.[2][5] GlassWorm has also impersonated Github projects.[2]
Enterprise T1195.001 Compromise Software Dependencies and Development Tools Sub-technique

GlassWorm has spread through Visual Studio extensions.[1][2][3] GlassWorm has also spread through JavaScript projects hosted on Github.[2]
Enterprise T1074.001 Local Data Staging Sub-technique

GlassWorm has staged collected data in a working directory within a temp folder to include `/tmp/ijewf`.[4][3]
Enterprise T1547.001 Registry Run Keys / Startup Folder Sub-technique

GlassWorm has set registry run keys for persistence in both `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and `HKLM\Software\Microsoft\Windows\CurrentVersion\Run\`.[1]
Enterprise T1027.018 Invisible Unicode Sub-technique

GlassWorm has utilized invisible Unicode Private Use Area (PUA) characters to obfuscate its malicious code so that it does not render in code editors.[4][1][2]
Enterprise T1565.002 Transmitted Data Manipulation Sub-technique

GlassWorm can intercept and modify transaction details associated with hardware wallet applications before signing.[4]
Enterprise T1614 System Location Discovery

GlassWorm has leveraged geofencing logic to detect whether it is operating in a Russian associated time zone to determine whether it continues to execute.[3]
Enterprise T1059.002 AppleScript Sub-technique

GlassWorm has utilized AppleScript to include `set keychainPassword to do shell script` to execute shell command that retrieves passwords from the macOS keychain.[4]
Enterprise T1059.007 JavaScript Sub-technique

GlassWorm has leveraged JavaScript to execute its malicious code to include its hidden Unicode characters using the `eval` call.[6][1][2][3] GlassWorm has also utilized encrypted payloads compiled in JavaScript.[4]
Enterprise T1614.001 System Language Discovery Sub-technique

GlassWorm has identified the system language settings by checking for `ru_RU`, `ru-RU`, `ru`, and `Russian` to prevent execution in a Russian associated device.[3]
Enterprise T1217 Browser Information Discovery

GlassWorm has searched browser data for cookies, history, login databases, and cryptocurrency wallets.[3]
Enterprise T1008 Fallback Channels

GlassWorm has utilized Google Calendar as backup C2.[1][5]
Enterprise T1082 System Information Discovery

GlassWorm has the ability to check the OS of the victim host.[3][5] GlassWorm has checked whether the OS platform value includes `darwin` prior to execution of macOS specific scripts.[3][5]
Enterprise T1554 Compromise Host Software Binary

GlassWorm can modify hardware wallet applications.[4]
Enterprise T1518 Software Discovery

GlassWorm has searched for existing wallet applications to include Ledger Live and Trezor Suite.[4]
Enterprise T1105 Ingress Tool Transfer

GlassWorm has downloaded additional payloads from C2.[4][6][3][5]
Relationship explorer

All related ATT&CK context

uses · Technique T1213.006: Databases Enterprise uses · Technique T1571: Non-Standard Port Enterprise uses · Technique T1480: Execution Guardrails Enterprise uses · Technique T1124: System Time Discovery Enterprise uses · Technique T1560.001: Archive via Utility Enterprise uses · Technique T1071.001: Web Protocols Enterprise uses · Technique T1543.001: Launch Agent Enterprise uses · Technique T1090.001: Internal Proxy Enterprise uses · Technique T1602.002: Network Device Configuration Dump Enterprise uses · Technique T1555.001: Keychain Enterprise uses · Technique T1140: Deobfuscate/Decode Files or Information Enterprise uses · Technique T1678: Delay Execution Enterprise uses · Technique T1539: Steal Web Session Cookie Enterprise uses · Technique T1102.001: Dead Drop Resolver Enterprise uses · Technique T1213.003: Code Repositories Enterprise uses · Technique T1555.003: Credentials from Web Browsers Enterprise uses · Technique T1005: Data from Local System Enterprise uses · Technique T1564.003: Hidden Window Enterprise uses · Technique T1027.013: Encrypted/Encoded File Enterprise uses · Technique T1657: Financial Theft Enterprise uses · Technique T1036: Masquerading Enterprise uses · Technique T1195.001: Compromise Software Dependencies and Development Tools Enterprise uses · Technique T1074.001: Local Data Staging Enterprise uses · Technique T1547.001: Registry Run Keys / Startup Folder Enterprise
Change history

Object version and sync metadata

The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE’s own release notes and roadmap, see ATT&CK resources — Updates .

ATT&CK release
19.1
Object version
1.0
Created
Modified
Raw hash
b47c79ee879661c3...
Imported snapshots across ATT&CK releases (1)
Release Bundle imported Object version Modified Status Raw hash
19.1 1.0 Current bundle b47c79ee8796…
Raw source

Mirrored ATT&CK source object

The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.

Open mirrored raw JSON Open MITRE-hosted copy
Source references

External references and citations

MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.

  1. [1]
    Koi Glassworm InvisibleCode October 2025

    Idan Dardikman. (2025, October 18). GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace. Retrieved April 10, 2026.

    Open source URL
  2. [2]
    Aikido GlassWorm October 2025

    Ilyas Makari. (2025, October 31). The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties. Retrieved April 10, 2026.

    Open source URL
  3. [3]
    Socket GlassWorm January 2026

    Kirill Boychenko. (2026, January 31). GlassWorm Loader Hits Open VSX via Developer Account Compromise. Retrieved April 10, 2026.

    Open source URL
  4. [4]
    Koi Glassworm New Tricks December 2025

    Gal Hachamov. (2025, December 29). GlassWorm Goes Mac: Fresh Infrastructure, New Tricks. Retrieved April 10, 2026.

    Open source URL
  5. [5]
    Koi GlassWorm Rust December 2025

    Lotan Sery. (2025, December 10). GlassWorm Goes Native: Same Infrastructure, Hardened Delivery. Retrieved April 10, 2026.

    Open source URL
  6. [6]
    Koi Glassworm Extensions November 2025

    Idan Dardikman, Yuval Ronen, Lotan Sery. (2025, November 6). GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure. Retrieved April 10, 2026.

    Open source URL
  7. [7]
    mitre-attack S9010
    Open source URL
Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use