Security researchers have detected a new and more elaborate iteration of the campaign known as GlassWorm, which combines malicious supply-chain techniques with a multi-stage attack designed to steal credentials, drain cryptocurrency wallets and maintain persistent remote access to compromised machines. This time the attackers have gone one step further: in addition to distributing malware through poisoned packages in developer repositories, they end up forcing the installation of a Google Chrome extension that poses as the offline version of Google Docs and actually exfiltrates sensitive data.
The initial entry point remains the open source ecosystem: malicious packages published on npm, PyPI, GitHub and the Open VSX marketplace, as well as compromised updates to legitimate projects whose maintainer account was hijacked. From there, the campaign downloads components specific to the victim's operating system, consulting hidden sources that act as "dead drops." Aikido researchers describe how the operators use transactions on the Solana blockchain to hide the address of the command and control (C2) server, a method that complicates detection and attribution (see the Solana documentation) and that is documented in Aikido's technical report.

The attack chain unfolds in several phases. The second stage installs an information-stealing framework: it hunts for credentials, attempts to extract cryptocurrency wallets and collects a profile of the system. Everything collected is packed and sent to a remote server. From that point on, the intruder can download two additional modules: a .NET binary aimed at bypassing hardware wallet security, and a JavaScript-based RAT (Remote Access Trojan) that communicates over WebSocket to capture browser data and run arbitrary code.
The .NET component monitors hardware events through Windows Management Instrumentation (WMI) to detect when a USB device is connected. If the device appears to be a Ledger or a Trezor, it displays a phishing window that mimics the manufacturer's interface and urges the user to enter the 24-word recovery phrase. The malware can also terminate legitimate wallet manager processes (e.g. Ledger Live) and redisplay the fraudulent window if the user tries to close it. The ultimate goal is to capture the recovery phrase and send it to an address controlled by the attackers. Microsoft's WMI documentation helps explain how these capabilities work, while hardware wallet manufacturers such as Ledger and Trezor constantly warn against entering the seed phrase into a computer or any unverified application.
The JavaScript RAT completes the picture with a range of capabilities that include downloading an HVNC module for hidden remote control, setting up a SOCKS proxy over WebRTC, and mass extraction of browser data: cookies, history, bookmarks, local storage and the DOM structure of the active tab. To ensure long-term access, the malware forces the installation of a Chrome extension called "Google Docs Offline." The extension acts as a Trojan horse: it communicates with the C2 and can send cookies and session tokens, capture keystrokes, take screenshots and exfiltrate clipboard contents.
The extension can also apply selective surveillance rules: it fetches lists of sites to monitor from the server and, in the cases observed, was preconfigured to watch cryptocurrency services such as Bybit, looking for specific cookies (e.g. sequre-token or deviceid). If it detects a valid session, it fires a webhook to the attackers' server carrying the cookies and page metadata. The C2 can also push redirection rules that force the active tab to a page controlled by the attacker, enabling session hijacking and real-time phishing. To better understand what an extension can expose, developers can review the official Chrome extensions documentation.
As for how the control server is located, the authors use several strategies: a distributed hash table (DHT) as the first option and, if that fails, resolution via memos on the Solana blockchain. In other cases, public Google Calendar event URLs have been used as "dead drops" to retrieve the payload address. These concealment layers (DHT, blockchains and public resources) add complexity to incident response and to the blocking of malicious traffic; the original article links to a technical explanation of the origin and operation of DHTs.
Another new development is the actors' move into the Model Context Protocol (MCP) ecosystem, where they have begun publishing npm packages that impersonate reputable AI services in order to distribute infected code. Koi researchers point out that, in a development context increasingly assisted by AI and with high trust placed in MCP servers, this vector is worrying and will probably be replicated.

To facilitate local detection, the Polish company AFINE has released an open source tool called glassworm-hunter that scans local files for campaign-linked artifacts without making any network requests during analysis. The tool and its indicator-of-compromise database are available in its official GitHub repository, and AFINE explains its methodology in a technical article. Aikido's report on the Chrome extension and the RAT provides further technical details on its blog.
If you are a developer or a security officer, the lessons are clear: do not trust a package blindly because of its download count; check the publisher's history, enable strong authentication on maintainer accounts, sign and pin critical dependencies, and perform integrity reviews before deploying. Isolating development environments and maintaining detection and response controls can also limit the impact of this kind of offensive infrastructure. For an institutional approach to software supply chains, consider the guidance of official agencies such as CISA and the NSA on supply chain security.
Finally, if you use hardware wallets, remember that you must never enter the recovery phrase into a computer or a pop-up window, and that the only safe way to recover access is to follow the manufacturer's official process. Legitimate signatures and official updates remain the most effective barrier against campaigns that combine social engineering and technical abuse. Staying informed, limiting privileges and validating sources is today the most sensible defense against threats like GlassWorm.
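The design goal described for glassworm-hunter (scan local files against a locally supplied indicator set, with no network access during the scan) is easy to illustrate. The script below is an added example written for this article and is not AFINE's tool or any code from its repository: it walks a directory, hashes every file and searches file contents for marker strings. Every indicator and sample file in it is a constructed placeholder, not a real GlassWorm IoC; the only campaign detail it reuses is the extension name "Google Docs Offline" from the article. A real run would load AFINE's published indicators instead.

```python
"""Offline indicator scanner in the spirit of AFINE's glassworm-hunter.

Added example, not the project's own code. It walks a directory, hashes each
file and searches file contents for marker strings, using only an indicator
set supplied locally: nothing is fetched over the network during a scan.
All indicators and sample files below are constructed placeholders, not
real GlassWorm IoCs; a real run would load AFINE's published indicator set.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str    # file that matched
    kind: str    # "hash" (whole-file digest) or "string" (content marker)
    detail: str  # the matching digest or marker


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: str, known_hashes: set, markers: list,
              max_bytes: int = 16 * 1024 * 1024) -> list:
    """Return every hash or marker match under `root`.

    `known_hashes` is a set of hex SHA-256 digests; `markers` is a list of
    byte strings. Files larger than `max_bytes` are hashed but not searched
    for markers, to keep the scan bounded. Unreadable files are skipped.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
                if digest in known_hashes:
                    findings.append(Finding(path, "hash", digest))
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            for marker in markers:
                if marker in data:
                    findings.append(
                        Finding(path, "string", marker.decode("utf-8", "replace")))
    return findings


def make_sample_tree():
    """Build a constructed directory: one lure-like manifest and one clean file.

    Returns (root, path_of_manifest). The manifest only reuses the extension
    name the article describes; it is not a real artifact from the campaign.
    """
    root = tempfile.mkdtemp(prefix="ioc_scan_sample_")
    ext_dir = os.path.join(root, "extensions", "constructed")
    os.makedirs(ext_dir)
    manifest = os.path.join(ext_dir, "manifest.json")
    with open(manifest, "w", encoding="utf-8") as fh:
        fh.write('{"name": "Google Docs Offline", "manifest_version": 3}\n')
    with open(os.path.join(root, "clean.txt"), "w", encoding="utf-8") as fh:
        fh.write("nothing suspicious in this file\n")
    return root, manifest


if __name__ == "__main__":
    sample_root, sample_manifest = make_sample_tree()
    # Placeholder indicators: the digest of our own constructed manifest plus
    # the extension name used as a lure. Real IoCs come from a local IoC file.
    hits = scan_tree(sample_root, {sha256_file(sample_manifest)},
                     [b"Google Docs Offline"])
    for hit in hits:
        print(f"{hit.kind:6} {hit.path}  ({hit.detail[:24]})")
```

Hash matches catch files that are byte-for-byte known artifacts; the marker search catches renamed or lightly modified copies. Keeping both checks on a single read of each file, and never contacting any server, is what lets a scan like this run on an isolated or suspect machine.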
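Two of the lessons above, pinning critical dependencies and reviewing integrity before deploying, can be turned into a concrete check. The script below is an added example written for this article, not code from the article, from npm or from any project it names. It assumes only the real shape of an npm package-lock.json (lockfileVersion 2 or 3 with a "packages" map whose entries carry a Subresource-Integrity string such as "sha512-<base64 digest>"); the tarball bytes and lock entries it uses are constructed so that it runs offline.

```python
"""Lockfile integrity check for pinned dependencies.

Added example, not code from the article or from npm. npm's package-lock.json
records a Subresource-Integrity string per package ("sha512-<base64 digest>");
that field name and format are real. The tarball bytes and lock entries used
here are constructed so the example runs offline.
"""
import base64
import hashlib
import hmac
import json

SUPPORTED = {
    "sha256": hashlib.sha256,
    "sha384": hashlib.sha384,
    "sha512": hashlib.sha512,
}


def parse_integrity(value: str):
    """Split 'sha512-<base64>' into (algorithm name, raw digest bytes)."""
    algo, _, b64 = value.partition("-")
    if algo not in SUPPORTED or not b64:
        raise ValueError(f"unsupported integrity string: {value!r}")
    return algo, base64.b64decode(b64, validate=True)


def make_integrity(data: bytes, algo: str = "sha512") -> str:
    """Produce the integrity string a lockfile would record for `data`."""
    digest = SUPPORTED[algo](data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def artifact_matches(data: bytes, integrity: str) -> bool:
    """True if `data` hashes to the digest pinned in `integrity`."""
    algo, expected = parse_integrity(integrity)
    return hmac.compare_digest(SUPPORTED[algo](data).digest(), expected)


def verify_lockfile(lock: dict, artifacts: dict) -> list:
    """Compare every pinned package against the tarball bytes fetched for it.

    `lock` is a parsed package-lock.json (lockfileVersion 2 or 3, with a
    "packages" map); `artifacts` maps the package path to the tarball bytes
    about to be installed. Returns a list of (package path, problem) tuples;
    an empty list means every dependency is pinned and matches.
    """
    problems = []
    for pkg_path, entry in lock.get("packages", {}).items():
        if pkg_path == "":  # the root project entry has no tarball
            continue
        integrity = entry.get("integrity")
        if not integrity:
            problems.append((pkg_path, "no integrity pinned"))
            continue
        data = artifacts.get(pkg_path)
        if data is None:
            problems.append((pkg_path, "artifact missing"))
        elif not artifact_matches(data, integrity):
            problems.append((pkg_path, "integrity mismatch"))
    return problems


# Constructed inputs: a stand-in tarball, a tampered copy, and a lock that pins
# one package and forgets to pin another.
GOOD_TARBALL = b"constructed tarball bytes for demo-lib 1.0.0"
TAMPERED_TARBALL = GOOD_TARBALL + b"\n// injected loader"
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/demo-lib": {
            "version": "1.0.0",
            "integrity": make_integrity(GOOD_TARBALL),
        },
        "node_modules/unpinned-lib": {"version": "0.1.0"},
    },
}


if __name__ == "__main__":
    fetched = {"node_modules/demo-lib": TAMPERED_TARBALL}
    print(json.dumps(verify_lockfile(SAMPLE_LOCK, fetched), indent=2))
```

The check reports three distinct failures: a dependency with no pinned digest (nothing to verify, which is itself a finding), an artifact that was never fetched, and a fetched artifact whose bytes differ from the pin. Running this as an independent pre-deploy review, separate from the package manager's own install-time check, is what turns "pin your dependencies" into something that fails a build when a compromised update replaces a tarball.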