CrowdStrike and Google Take Down Developer-Targeting Botnet

Summary
CrowdStrike, with assistance from Google and Shadowserver, has dismantled the Glassworm botnet, which targeted open-source developers for two years. Attackers exploited developer accounts and code channels to distribute malware and steal credentials. Over 300 GitHub repositories were compromised, with malicious code spreading through marketplaces and search ads. CrowdStrike disabled four C2 channels that utilized the Solana blockchain, BitTorrent, Google Calendar, and VPS. Crypto news reports a rise in supply-chain attacks, including the Mini Shai-Hulud campaign.
CoinDesk reports:

CrowdStrike, in collaboration with Google and the internet security organization Shadowserver, dismantled a botnet specifically targeting open-source software developers. Over the past two years, this network consistently deployed malware through developer accounts and code distribution channels to steal passwords.

Continuously attacked developers for two years

The operation targeted the attack network known as Glassworm. CrowdStrike states that such attacks no longer focus solely on software products but now directly target the developers who write and maintain code, because the compromise of a single developer's device can spread downstream through the supply chain to numerous users and organizations.

Over 300 GitHub repositories have been compromised

According to CrowdStrike, the attackers primarily spread malicious code through three methods: publishing malicious plugins on extension marketplaces used by developers, purchasing search ads to lure victims into downloading malware, and taking over developer accounts using previously stolen credentials.

  • Malicious extensions have been distributed on developer marketplaces.
  • Search ads have been used to lure users into downloading malware.
  • Compromised developer accounts were used to inject malicious code into repositories.

After gaining control of an account, the attackers injected malicious code into that developer's project repositories. CrowdStrike reported that more than 300 GitHub repositories were ultimately compromised.

Control channels ran over services such as Solana.

CrowdStrike stated that it has severed four command-and-control channels used by Glassworm, reducing the attackers' access to infected devices and preventing them from deploying additional malware.

The report states that the command-and-control infrastructure relied on multiple channels, including the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual private servers. However, the report did not specify the legal authority or the technical methods underlying the takedown.

Similar attacks have continued in recent weeks.

In recent months, supply chain attacks targeting open-source projects and their developers have continued to rise. TechCrunch reported that last week another campaign, named Mini Shai-Hulud, compromised multiple open-source projects and pushed malicious updates, affecting one OpenAI developer.

Additional information: The report also mentioned another supply chain attack in March, by hackers suspected of being linked to North Korea, highlighting that developer accounts and open-source distribution channels are becoming prime targets.
