GlassWorm Attack Steals Data Via Fake Chrome Extension

GlassWorm evolves into a multi-stage malware using Solana blockchain and AI tool impersonations.

  • GlassWorm attackers now use a multi-stage framework that steals data and delivers a remote access trojan via a malicious Chrome extension.
  • The malware employs the Solana blockchain to hide its command server and specifically targets cryptocurrency hardware wallets with phishing windows.
  • A new Python tool called glassworm-hunter has been released to help developers scan their systems for these payloads.
  • The campaign has evolved to impersonate trusted npm packages, including an AI development tool called the WaterCrawl MCP server.

Cybersecurity researchers revealed on March 25, 2026, that the persistent GlassWorm campaign has evolved into a sophisticated multi-stage attack framework. This new evolution, as detailed by Aikido security researcher Ilyas Makari, delivers a powerful information-stealing Google Chrome extension and a remote access trojan (RAT). The initial infection spreads through poisoned packages on trusted platforms like npm, PyPI, and GitHub.

The attack chain avoids systems with Russian locales and uses Solana blockchain transactions as a dead drop resolver to find its command server. It then downloads operating system-specific payloads designed for comprehensive data theft. This stage-two framework harvests credentials, exfiltrates cryptocurrency wallets, and profiles the victim’s system before sending the data to an external server.

Once data is transmitted, the malware fetches additional components including a .NET binary that performs hardware wallet phishing. This binary uses Windows Management Instrumentation to detect when a Ledger or Trezor wallet is connected and displays a fake error window to steal the 24-word recovery phrase. The malware persistently reopens the phishing window if closed and kills legitimate Ledger Live processes on the host machine.

Meanwhile, a separate JavaScript RAT component uses a Distributed Hash Table (DHT) and the Solana blockchain to establish communication. This RAT can run commands to deploy a hidden remote desktop, operate a SOCKS proxy, and execute arbitrary code. It also force-installs a malicious Chrome extension masquerading as “Google Docs Offline,” which steals cookies, keystrokes, and screenshots, and even monitors specific sites like Bybit.
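A defender can check a Chrome profile for extensions that use the trusted "Google Docs Offline" name under a different extension ID. The sketch below is an added example, not code from the article or from the glassworm-hunter tool; it assumes the usual `Extensions/<id>/<version>/manifest.json` profile layout, and the function names and the sample profile are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path
# Genuine extension's Web Store ID: general knowledge, not a value from the article.
GENUINE_ID = "ghbmnnjooekpmoecnnnilnnbdlolhkhi"
TARGET_NAME = "google docs offline"

def display_name(ext_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ into _locales."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    try:
        locale_dir = ext_dir / "_locales" / manifest.get("default_locale", "en")
        msgs = json.loads((locale_dir / "messages.json").read_text(encoding="utf-8-sig"))
        wanted = name[6:-2].lower()  # message keys are case-insensitive
        return next(v["message"] for k, v in msgs.items() if k.lower() == wanted)
    except (OSError, ValueError, AttributeError, KeyError, TypeError, StopIteration):
        return name  # unresolved placeholder: report the raw value

def find_impostors(profile_dir):
    """Return IDs of installed extensions that claim the trusted name under another ID."""
    hits = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            name = display_name(path.parent, manifest).strip().lower()
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: review by hand
        if name == TARGET_NAME and ext_id != GENUINE_ID:
            hits.append(ext_id)
    return hits

def demo():
    """Build a constructed profile (one genuine entry, one look-alike) and scan it."""
    fake_id = "a" * 32  # constructed placeholder ID, not an indicator from the campaign
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in ((GENUINE_ID, {"name": "__MSG_extName__", "default_locale": "en"}),
                                 (fake_id, {"name": "Google Docs Offline"})):
            ext = Path(tmp, "Extensions", ext_id, "1.0_0")
            (ext / "_locales" / "en").mkdir(parents=True)
            (ext / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
            (ext / "_locales" / "en" / "messages.json").write_text(
                json.dumps({"extName": {"message": "Google Docs Offline"}}), encoding="utf-8")
        return find_impostors(tmp)

if __name__ == "__main__":
    print(demo())
```

This only covers extensions stored inside the profile's `Extensions` directory; an extension loaded from another path on disk would need a separate check.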

Researchers noted this campaign represents GlassWorm's first confirmed move into the AI-assisted development ecosystem by publishing a malicious npm package impersonating the WaterCrawl MCP server. In response, Polish cybersecurity company AFINE has published an open-source Python tool to help developers scan for these stealthy payloads locally.
