The Glassworm botnet, targeting software developers through open-source supply chain compromises, was coordinated by CrowdStrike, Google, and the Shadowserver Foundation. It used trojanized VS Code extensions, compromised npm and Python packages, and poisoned GitHub repositories to execute malicious payloads. For resilience, the botnet's command-and-control (C2) infrastructure leveraged blockchain, BitTorrent DHT, Google Calendar, and VPS servers.