US cybersecurity company CrowdStrike said it worked with Google and the non-profit Shadowserver Foundation to dismantle the Glassworm botnet, which hackers used to spread malware and steal passwords from open source software developers.
According to CrowdStrike, the operation aims to disrupt the cybercrime group behind Glassworm, which has targeted the open source software supply chain for the past two years.
The group is considered one of the serious threats to the global software development ecosystem.
Recently, many hacker groups have repeatedly attacked open source developers and projects in order to plant malware in software widely used by businesses and organizations.
This form of attack is particularly dangerous because it exploits the trust the technology community places in source code hosting platforms such as GitHub.
CrowdStrike believes developers have become high-value targets for hackers. By compromising a single programmer's computer, attackers can insert malware into software or libraries used by thousands of businesses, turning one intrusion into a large-scale supply chain attack.
To spread malware, the Glassworm group used several different methods. It published malicious extensions on extension marketplaces for developers, ran malicious advertisements to trick users into downloading malware-infected software, and used login credentials stolen in earlier attacks to take over developer accounts.
Once in control of an account, the hackers quietly inserted malware into open source projects. CrowdStrike said the group infected more than 300 source code repositories on GitHub before being discovered.
In the takedown, CrowdStrike disabled four command-and-control servers that Glassworm used to operate the botnet. This severed the connection between the hackers and infected devices, preventing the malware from spreading further.
According to CrowdStrike, Glassworm's control infrastructure is fairly sophisticated: it relies on the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar and virtual private servers to conceal its activity.
Experts warn that attacks on the software supply chain are rising sharply. Just last week, a campaign called "Mini Shai-Hulud" hit many open source projects with malicious updates. At least two OpenAI developers are believed to have been compromised in that incident.