Gate News reports that the security agency GoPlus has issued a warning indicating that GlassWorm has evolved from an early VS Code worm into a highly sophisticated supply chain attack framework that disguises itself as a Chrome extension to steal users’ sensitive data and cryptocurrency assets, with the threat scope continuously expanding.
The core of this attack relies on poisoning and covert code injection. Attackers manipulate npm and PyPI packages using special Unicode and PUA characters, embedding malicious loaders. These characters are difficult to identify in code review tools, allowing the malicious code to bypass traditional static analysis detection, contaminating the development environment from the source.
On the communication front, GlassWorm employs a more covert control method. It abandons traditional domain name servers and instead uses the Solana blockchain as a command and control channel, hiding instructions within on-chain transaction notes. This design enhances the attack infrastructure’s resistance to blocking, making it challenging to trace or cut off using conventional means.
At the endpoint, the attack is executed by disguising itself as a “Google Docs Offline” extension. This malicious plugin can steal browser cookies, clipboard content, and browsing history, while also possessing keystroke logging and screenshot capabilities, and can monitor activities on hardware wallets like Ledger and Trezor. Moreover, attackers may pop up phishing interfaces to lure users into entering their recovery phrases, thereby gaining direct control over digital assets.
GoPlus advises users to deploy detection tools capable of identifying hidden characters and to avoid installing software or plugins from unknown sources. Additionally, be vigilant about unusual transaction signatures and transfer requests. If a device is suspected of being compromised, disconnect it from the network immediately and change all related account credentials to minimize potential losses.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
FTX’s Alameda Moves $16 Million SOL in Ongoing Creditor Repayment
Alameda Research has transferred $16 million worth of Solana tokens linked to FTX creditor repayments, following a pattern of past transactions. Despite these moves, Alameda retains a significant holding of 3.5 million SOL, potentially impacting market liquidity.
Coinpedia1h ago
Squads Emergency Alert: Address poisoning and forged multisig accounts; a whitelist mechanism will go live
Solana ecosystem multi-signature agreement Squads issued a warning, pointing out that attackers launched an address poisoning attack against users by using fake accounts to trick users into making unauthorized transfers. Squads confirmed that there was no loss of funds and emphasized that this is a social engineering attack rather than a protocol vulnerability. To respond, Squads has implemented protective measures such as a warning system, non-interactive account prompts, and a whitelist mechanism. This incident reflects the growing social engineering threats in the Solana ecosystem and has prompted ongoing security reviews.
MarketWhisper1h ago
Solana cofounder toly: a base-layer stablecoin should be built that can only be frozen with authorization from the court
Solana co-founder toly noted that the industry needs a stablecoin that can only be frozen under a court order, opposing other freeze factors. He suggested that the protocol issue a stablecoin with custom freeze strategies on the base layer and strengthen security measures. This view stems from a recent response by Circle to the Drift protocol hack incident, sparking discussions about centralized stablecoins.
GateNews11h ago
