Cybersecurity experts have recently identified a new variant of the GlassWorm malware campaign, which employs a sophisticated multi-phase framework for extensive data theft and the deployment of a remote access trojan (RAT). This malware also installs a malicious Google Chrome extension that impersonates Google Docs, facilitating unauthorized data access.
According to Ilyas Makari, a researcher at Aikido Security, the malware logs keystrokes, accesses cookies and session tokens, captures screen images, and receives commands from a command-and-control (C2) server concealed within Solana blockchain memos. This latest iteration of GlassWorm has been linked to compromised packages on platforms like npm, PyPI, GitHub, and Open VSX, where attackers hijack the accounts of project maintainers to distribute tainted updates.
Advanced Mechanisms for Command and Control
The GlassWorm campaign employs Solana transactions as a dead drop mechanism to locate its C2 server, avoiding systems with a Russian locale. The malware’s second-stage payload is a data-theft framework designed to harvest credentials, extract cryptocurrency wallet information, and perform system profiling. The stolen data is compressed into a ZIP file and sent to an external server.
Following data exfiltration, the malware fetches two additional components: a .NET binary for phishing hardware wallets and a WebSocket-based JavaScript RAT that extracts web browser data and executes arbitrary code. The RAT payload is located through a Google Calendar event URL that serves as a dead drop resolver.
Targeting Cryptocurrency Hardware Wallets
The .NET binary uses Windows Management Instrumentation (WMI) to detect USB device connections and displays phishing windows when a Ledger or Trezor wallet is plugged in. These windows present fake error messages and prompt users to enter their recovery phrases, which are then captured and sent to an attacker-controlled IP address. The RAT uses a Distributed Hash Table (DHT) for C2 communication, falling back to the Solana-based dead drop when the DHT route is unavailable.
Once connected, the RAT can execute commands such as launching a Hidden Virtual Network Computing (HVNC) module, using a WebRTC module as a SOCKS proxy, and extracting web browser data. The malware also installs a rogue Chrome extension on Windows and macOS systems, enabling further data collection through commands from its C2 server.
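A defender's first question after reading the paragraph above is whether such an extension is already present on a machine. The following script, added here as an example and not taken from the article, from Aikido Security or from any GlassWorm tooling, walks a Chrome/Chromium profile's `Extensions` directory and flags an extension that calls itself "Google Docs" but was not installed from the Chrome Web Store. The heuristic assumed is that Web Store packages carry the store's `update_url` in their manifest, so a Google-branded extension without it was sideloaded (unpacked, policy-forced or dropped by malware). The extension ids, names and permissions in `demo()` are constructed for the example and are not indicators from the campaign.

```python
"""Flag sideloaded browser extensions that impersonate a Google product.

Added example for this page, not code from the article or from any vendor.
Assumed profile layout (Chrome/Chromium on any OS):
    <profile>/Extensions/<extension-id>/<version>/manifest.json
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, List

WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Product names the article reports being impersonated; extend as needed.
IMPERSONATED_NAMES = ("google docs",)
# Permissions that let an extension read sessions or every page the user visits.
SENSITIVE_PERMS = {"<all_urls>", "*://*/*", "cookies", "tabs", "webRequest", "scripting"}


def audit_manifest(manifest_path: Path) -> Dict[str, object]:
    """Read one manifest.json and return a verdict dictionary."""
    with manifest_path.open(encoding="utf-8") as fh:
        manifest = json.load(fh)
    name = str(manifest.get("name", ""))
    from_store = manifest.get("update_url") == WEBSTORE_UPDATE_URL
    impersonates = any(n in name.lower() for n in IMPERSONATED_NAMES)
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    return {
        "id": manifest_path.parent.parent.name,  # Extensions/<id>/<version>/manifest.json
        "name": name,
        "from_store": from_store,
        "impersonates_google": impersonates,
        "sensitive_permissions": sorted(perms & SENSITIVE_PERMS),
        # Name imitation plus a non-store install is the combination worth escalating.
        "suspicious": impersonates and not from_store,
    }


def audit_extensions_dir(extensions_dir: Path) -> List[Dict[str, object]]:
    """Audit every <id>/<version>/manifest.json below the Extensions directory."""
    return [audit_manifest(p) for p in sorted(extensions_dir.glob("*/*/manifest.json"))]


def _write_manifest(extensions_dir: Path, ext_id: str, manifest: dict) -> None:
    folder = extensions_dir / ext_id / "1.0_0"
    folder.mkdir(parents=True, exist_ok=True)
    (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo() -> List[Dict[str, object]]:
    """Build a constructed Extensions directory with two extensions and audit it.

    The ids, names and permissions below are made up for the demo; they are
    not indicators from the GlassWorm campaign.
    """
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = Path(tmp) / "Extensions"
        # A store-installed extension (carries the Web Store update_url).
        _write_manifest(ext_dir, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {
            "manifest_version": 3, "name": "Example Store Extension", "version": "1.0",
            "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"],
        })
        # A sideloaded look-alike: Google product name, no store update_url, broad access.
        _write_manifest(ext_dir, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", {
            "manifest_version": 3, "name": "Google Docs", "version": "1.0",
            "permissions": ["cookies", "tabs", "scripting"],
            "host_permissions": ["<all_urls>"],
        })
        return audit_extensions_dir(ext_dir)


if __name__ == "__main__":
    for verdict in demo():
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{flag:10} {verdict['id']} {verdict['name']!r} perms={verdict['sensitive_permissions']}")
```

To run it against a real profile, point `audit_extensions_dir()` at the `Extensions` folder under the browser profile (on Windows `%LOCALAPPDATA%\Google\Chrome\User Data\Default`, on macOS `~/Library/Application Support/Google/Chrome/Default`). The `update_url` test is a heuristic: a legitimate developer-mode extension will also trip it, and an extension with a localized `__MSG_` name needs its locale file resolved before the name check is meaningful, so treat a hit as a lead to confirm, not a verdict.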
Shift in Tactics: Infiltrating MCP Ecosystem
The GlassWorm attackers have recently begun impersonating the WaterCrawl Model Context Protocol (MCP) server within npm packages, marking their first confirmed incursion into the MCP ecosystem. This tactic highlights the growing reliance on AI-assisted development and the inherent trust granted to MCP servers.
Developers are urged to exercise caution when installing Open VSX extensions, npm packages, and MCP servers. Verifying publisher identities and package histories can prevent potential security breaches. To aid developers in detecting GlassWorm-related threats, AFINE, a Polish cybersecurity firm, has released an open-source tool named glassworm-hunter that scans for malicious payloads without making network requests.
In light of these developments, maintaining vigilance and employing robust security measures are crucial in safeguarding against this ongoing malware threat.
