SYMBOLCOMMON_NAMEaka. SYNONYMS
js.glassworm (Back to overview)

GlassWorm

According to Koi Security, this malware harvests NPM, GitHub, and Git credentials for supply chain propagation. It targets 49 different cryptocurrency wallet extensions to drain funds. It uses stolen credentials to compromise additional packages and extensions, spreading the worm further. Furthermore, it deploys SOCKS proxy servers, turning developer machines into criminal infrastructure and installs hidden VNC servers for complete remote access.

References
2025-10-18Koi SecurityIdan Dardikman
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
GlassWorm

There is no Yara-Signature yet.