MALWARE FAMILY
GlassWorm
Internal ID: js.glassworm
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Koi Security, this malware harvests NPM, GitHub, and Git credentials for supply chain propagation. It targets 49 different cryptocurrency wallet extensions to drain funds. It uses stolen credentials to compromise additional packages and extensions, spreading the worm further. Furthermore, it deploys SOCKS proxy servers, turning developer machines into criminal infrastructure and installs hidden VNC servers for complete remote access.
Threat Analysis
GlassWorm is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
External References
Quick Facts
TypeMalware Family
Aliases1
Also Known As
js.glassworm
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.