How GlassWorm Gets In (and How We Locked It Out)
A supply-chain malware campaign hit hundreds of repos across GitHub, npm, and VS Code. Here's what I found when I scanned my own projects.
Yesterday, I saw the GlassWorm headlines and did what any reasonable person would do: I panicked for about 30 seconds, then started scanning.
GlassWorm is a coordinated supply-chain attack campaign that hit over 400 repositories, npm packages, and VS Code extensions this month. The attackers compromise GitHub accounts via force-push, publish malicious packages with obfuscated code, and use the Solana blockchain as a command-and-control channel. Every five seconds, the malware checks a Solana wallet for new instructions encoded as transaction memos. It's clever, persistent, and well-funded.
The target: developer credentials, SSH keys, cryptocurrency wallets, and anything else worth stealing from a development machine.
What we actually did
We maintain around 25 public repositories across our GitHub organization. A mix of open-source tools, plugins, and internal utilities. When the GlassWorm news broke, the question wasn't "are we safe?" but "can we prove it?"
So we wrote a scanner. Not a fancy one, just a shell script that clones each repo and checks for the known indicators:
- The marker variable `lzcdrtfxyqiplpd` (GlassWorm's fingerprint)
- Invisible Unicode characters in JS/TS/Python files (zero-width spaces used for obfuscation)
- Suspicious `i.js` files (a common GlassWorm payload filename)
- `init.json` persistence files in home directories
- Solana blockchain references (the C2 channel)
- Encoded eval/exec calls (`eval(atob(...))`, `eval(Buffer.from(...))`)
- Suspicious `postinstall` scripts in package.json
- Git commit date anomalies (committer date much newer than author date, suggesting force-push)
We also checked our local development server for ~/init.json and unexpected Node.js installations in the home directory (~/node-v22*), two known persistence indicators.
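The source-level part of that sweep, written out as an added example (this is not the post's own scanner, and the regular expressions for encoded eval/exec calls are my own approximation of what it describes). It checks a checked-out repository for the marker string, zero-width characters in JS/TS/Python files, the `i.js` payload name, encoded eval/exec calls, Solana references and commit date gaps; the sample repository built by `make_sample_repo` is constructed here so it runs offline.

```shell
#!/usr/bin/env sh
# Added example, not the post's own scanner: sweep one checked-out repository
# for the source-level indicators the post lists. The encoded eval/exec
# patterns are an approximation of the post's description, and the sample
# repository built by make_sample_repo is constructed here so the script runs
# offline. Like any grep-based check it flags its own source if this script is
# committed into a repository it scans (the post's false positives came from
# exactly that kind of self-match).

# scan_repo DIR: print one "<category>: <path>" line per indicator found.
scan_repo() {
  dir="$1"
  zwsp=$(printf '\342\200\213')   # U+200B zero-width space
  zwnj=$(printf '\342\200\214')   # U+200C zero-width non-joiner
  zwj=$(printf '\342\200\215')    # U+200D zero-width joiner

  # 1. The marker variable reported as GlassWorm's fingerprint.
  grep -rl 'lzcdrtfxyqiplpd' "$dir" 2>/dev/null | sed 's/^/marker: /'

  # 2. Zero-width Unicode inside JS/TS/Python sources (obfuscation carrier).
  #    LC_ALL=C makes grep match the raw UTF-8 byte sequences.
  LC_ALL=C find "$dir" -type f \( -name '*.js' -o -name '*.ts' -o -name '*.py' \) \
    -exec grep -l -e "$zwsp" -e "$zwnj" -e "$zwj" {} + 2>/dev/null \
    | sed 's/^/zero-width: /'

  # 3. The payload filename the post mentions.
  find "$dir" -type f -name 'i.js' | sed 's/^/payload-name: /'

  # 4. Encoded eval/exec calls (JS atob/Buffer.from, Python base64 decode).
  grep -rEl 'eval\((atob|Buffer\.from)\(|exec\(base64\.b64decode\(' "$dir" 2>/dev/null \
    | sed 's/^/encoded-eval: /'

  # 5. References to the Solana C2 channel.
  grep -rli 'solana' "$dir" 2>/dev/null | sed 's/^/solana-ref: /'

  # 6. Committer date more than a week newer than the author date, which is
  #    what rewritten, force-pushed history looks like. Needs git and a .git
  #    directory; silently skipped otherwise.
  git -C "$dir" log --format='%at %ct %h' 2>/dev/null \
    | awk -v gap=604800 '($2 - $1) > gap { print "date-gap: " $3 " (" int(($2 - $1) / 86400) " days)" }'
}

# count_findings DIR: number of indicator lines scan_repo prints.
count_findings() {
  scan_repo "$1" | grep -c . || true
}

# make_sample_repo: build a constructed repository with one clean file and one
# file carrying the marker, a zero-width space, an encoded eval and a Solana
# reference. Prints the directory path.
make_sample_repo() {
  repo=$(mktemp -d)
  mkdir -p "$repo/src"
  printf 'export const ok = 1;\n' > "$repo/src/index.js"
  printf 'var lzcdrtfxyqiplpd = 1;\n// poll the solana memo for instructions\neval(atob("aGk="));\nvar a\342\200\213b = 2;\n' \
    > "$repo/src/i.js"
  printf '%s\n' "$repo"
}

# Stand-alone run: scan the constructed sample and print the findings.
sample=$(make_sample_repo)
scan_repo "$sample"
echo "findings: $(count_findings "$sample")"
rm -rf "$sample"
```

Point `scan_repo` at a fresh clone rather than a working tree with `node_modules` installed, otherwise every dependency that legitimately mentions Solana or decodes base64 turns into a finding to triage by hand.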
Results
Clean across all 25 repos. No GlassWorm indicators in our source code.
We did get false positives: our own security tools (a ClawHub scanner that pattern-matches wallet file paths, and an AI blue team that tests XSS detection against eval(atob(...)) payloads) triggered some of the heuristic checks. That's actually a good sign. It means the scanner catches the patterns, and our security tools are testing against real-world attack payloads.
The npm audit found vulnerabilities in 3 repos, but those were known dependency issues (not malware), which we fixed immediately.
What we changed going forward
Scanning once is nice. Scanning continuously is better. Here's what we rolled out:
Dependabot on every repo. Weekly automated dependency updates. If a dependency gets flagged, we know within days, not months.
CodeQL on every repo. GitHub's code analysis runs on every push and PR. It catches suspicious patterns, tainted data flows, and known vulnerability classes before they reach main.
Auto-publish workflows. This one is about consistency, not security directly. We set up GitHub Actions so that creating a GitHub Release automatically publishes to npm (and ClawHub for our OpenClaw plugins). One source of truth. No manual npm publish where you might accidentally include files you shouldn't.
Branch protection everywhere. Require PR reviews, require CI to pass, prevent force pushes. Force-push is exactly how GlassWorm compromises repos. Block it.
The Solana angle is interesting
Using a blockchain for C2 is smart from the attacker's perspective. You can't take down the Solana network. The wallet address is public, immutable, and always available. New instructions are just memo fields in transactions, which anyone can read but only the wallet owner can write.
The flip side: it's also completely transparent. Every instruction the attacker sends is permanently recorded on a public ledger. You can monitor the wallet and see new payload URLs the moment they're posted. We're building a monitoring tool for exactly this purpose.
What I'd tell other maintainers
If you maintain open-source projects, here's the minimum:
- Enable Dependabot and CodeQL. It's free on GitHub. No excuse.
- Block force pushes on your default branch. This is how GlassWorm gets in.
- Audit your npm scripts. Check `postinstall` and `preinstall` in every dependency. Run `npm audit` regularly.
- Search for the marker. `grep -r "lzcdrtfxyqiplpd"` across your repos. Takes 10 seconds.
- Check your local machine. Look for `~/init.json` and unexpected `~/node-v22*` directories.
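The dependency-script audit and the local-machine check from that list, as an added example (not the post's own tooling). It walks every `package.json` under a `node_modules` tree and prints the `preinstall`/`postinstall` command each package declares, then looks in a home directory for the two persistence indicators the post names. The `node_modules` tree and home directory are constructed by `make_sample_tree`, and the package names in it are made up; the JSON is read with `grep`, which is enough for ordinary script values but does not handle escaped quotes inside a command string.

```shell
#!/usr/bin/env sh
# Added example, not the post's own tooling: list the preinstall/postinstall
# hooks declared by every installed dependency, and check a home directory for
# the two persistence indicators the post names (init.json and a stray
# node-v22* directory). The node_modules tree and home directory are
# constructed by make_sample_tree; the package names in it are made up.

# list_install_hooks NODE_MODULES_DIR
# Prints "<package> <hook> <command>" for each package.json that declares a
# preinstall or postinstall script, scoped packages and nested installs included.
list_install_hooks() {
  find "$1" -name package.json | sort | while read -r pj; do
    pkg=$(dirname "$pj")
    pkg=${pkg#"$1"/}
    grep -oE '"(pre|post)install"[[:space:]]*:[[:space:]]*"[^"]*"' "$pj" \
      | sed -E 's/^"([a-z]+)"[[:space:]]*:[[:space:]]*"(.*)"$/\1 \2/' \
      | while read -r hook cmd; do
          printf '%s %s %s\n' "$pkg" "$hook" "$cmd"
        done
  done
}

# check_home HOME_DIR: print one line per persistence indicator present.
check_home() {
  [ -f "$1/init.json" ] && printf 'persistence-file: %s/init.json\n' "$1"
  for d in "$1"/node-v22*; do
    [ -d "$d" ] && printf 'unexpected-node: %s\n' "$d"
  done
  return 0
}

# Counts for the callers that only want a number.
count_hooks() { list_install_hooks "$1" | grep -c . || true; }
count_home_findings() { check_home "$1" | grep -c . || true; }

# make_sample_tree: constructed fixture with one clean dependency, one scoped
# dependency that declares both hooks, and a home directory showing both
# persistence indicators. Prints the root path.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/project/node_modules/clean-dep" \
           "$root/project/node_modules/@acme/hook-demo" \
           "$root/home/node-v22.0.0-linux-x64"
  printf '{ "name": "clean-dep", "version": "1.0.0" }\n' \
    > "$root/project/node_modules/clean-dep/package.json"
  printf '{\n  "name": "@acme/hook-demo",\n  "scripts": {\n    "postinstall": "node setup.js",\n    "preinstall": "echo preparing"\n  }\n}\n' \
    > "$root/project/node_modules/@acme/hook-demo/package.json"
  printf '{}\n' > "$root/home/init.json"
  printf '%s\n' "$root"
}

# Stand-alone run over the constructed fixture.
tree=$(make_sample_tree)
list_install_hooks "$tree/project/node_modules"
check_home "$tree/home"
rm -rf "$tree"
```

On a real project, run `list_install_hooks ./node_modules` and `check_home "$HOME"`; a hook that downloads or decodes something at install time is worth reading in full before the next `npm install`.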
Supply-chain attacks are not theoretical. They're happening right now, across platforms you use every day. The good news: basic hygiene catches most of it. The bad news: "basic" is still more than most projects do.
We're open-sourcing our scanner tool soon. If you want to run it on your own repos, keep an eye on our GitHub.