GlassWorm Malware: Solana Dead Drops and Browser Data Theft via Rogue Extensions
These articles are AI-generated summaries. Please check the original sources for full details.
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
The GlassWorm campaign has evolved into a multi-stage data-theft framework that uses Solana blockchain memos as command-and-control (C2) resolvers. Researchers at Aikido have identified a malicious Google Chrome extension that masquerades as an offline version of Google Docs to exfiltrate session tokens and keystrokes.
Why This Matters
Developers tend to assume that verified package registries and established protocols such as the Model Context Protocol (MCP) provide a secure foundation for AI-assisted development. GlassWorm shows the practical reality: attackers can compromise project maintainers and use decentralized blockchain memos to route around static security controls.
The cost of these breaches extends beyond data loss to the erosion of trust in open-source ecosystems. By abusing familiar components such as the Google Docs Offline extension and WMI-based hardware detection, GlassWorm creates a persistent threat that is hard to distinguish from routine administrative activity, which is why dedicated scanners such as glassworm-hunter are needed to find local artifacts.
Key Insights
- GlassWorm uses Solana blockchain memos to hide C2 server addresses (45.32.150[.]251), as reported by Aikido researcher Ilyas Makari in 2026.
- The campaign uses a public Google Calendar event URL as a dead-drop resolver to fetch its final WebSocket-based JavaScript RAT payload.
- The .NET stage-three binary leverages Windows Management Instrumentation (WMI) to detect USB connections for Ledger and Trezor hardware wallets to initiate credential phishing.
- The malware bypasses Google Chrome’s App-Bound Encryption (ABE) to steal sensitive session tokens and browser history for up to 5,000 entries.
- Attackers have expanded into the AI ecosystem by impersonating WaterCrawl Model Context Protocol (MCP) servers to distribute payloads via the @iflow-mcp/watercrawl-watercrawl-mcp package.
Practical Applications
- Use Case: Developers should utilize the open-source glassworm-hunter Python tool to scan local files for campaign-specific IoCs without triggering network telemetry. Pitfall: Relying on automated update checks for security tools may inadvertently expose system presence to advanced persistent threats.
- Use Case: Security operations should monitor for unauthorized WMI events that specifically poll for hardware IDs associated with Ledger or Trezor cryptocurrency devices. Pitfall: Blindly trusting download counts or publisher names on Open VSX and npm can lead to installing malicious payloads published from compromised maintainer accounts.
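As an added illustration of the first use case above (an offline scan of local files for campaign indicators), the following script is a constructed example and not glassworm-hunter's own code. It uses only the two indicators named in this summary, the C2 address 45.32.150[.]251 and the @iflow-mcp/watercrawl-watercrawl-mcp package name, matches them in raw, defanged and JSON-escaped forms, and never opens a network connection. The sample files it writes to a temporary directory are constructed for the demonstration.

```python
"""Offline IoC scanner for local files.

Added example; it is not glassworm-hunter. It reads files only and makes no
network requests, so running it does not reveal the host to anyone watching
update checks or callbacks.
"""
import re
import tempfile
from pathlib import Path

# Indicators taken from the article. Values are constructed as plain strings
# here; the scanner itself tolerates defanged or escaped spellings in files.
IOCS = {
    "c2_ip": "45.32.150.251",
    "npm_package": "@iflow-mcp/watercrawl-watercrawl-mcp",
}

# File types worth reading: package manifests, lockfiles, extension code, notes.
SUFFIXES = {".json", ".js", ".ts", ".txt", ".log", ".md", ".yaml", ".yml", ""}


def build_pattern(value):
    """Compile an IoC into a regex that also matches common defanging.

    '.' may appear as '.', '[.]', '(.)' or '\\.' and '/' as '/' or '\\/', so a
    defanged report, a regex-escaped string or a JSON lockfile all still hit.
    """
    out = []
    for ch in value:
        if ch == ".":
            out.append(r"(?:\.|\[\.\]|\(\.\)|\\\.)")
        elif ch == "/":
            out.append(r"(?:/|\\/)")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)


PATTERNS = {name: build_pattern(value) for name, value in IOCS.items()}


def scan_text(text):
    """Return the names of all IoCs found in a text blob."""
    return [name for name, pattern in PATTERNS.items() if pattern.search(text)]


def scan_tree(root, max_bytes=5_000_000):
    """Walk a directory and return (path, ioc_name) pairs for every hit."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SUFFIXES:
            continue
        if path.stat().st_size > max_bytes:  # skip large binaries/archives
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        for name in scan_text(text):
            hits.append((str(path), name))
    return hits


# Constructed sample files: one JSON-escaped package reference, one defanged
# IP in a note, and one clean file that must not match.
SAMPLES = {
    "package-lock.json": '{"dependencies": {"@iflow-mcp\\/watercrawl-watercrawl-mcp": {"version": "1.0.0"}}}',
    "notes.txt": "observed a connection to 45.32.150[.]251 during review",
    "clean.js": "console.log('nothing to see here');",
}


def demo(tmp_dir=None):
    """Write the constructed samples to a temp directory and scan them."""
    tmp = Path(tmp_dir or tempfile.mkdtemp(prefix="ioc-scan-"))
    for name, content in SAMPLES.items():
        (tmp / name).write_text(content, encoding="utf-8")
    return sorted((Path(p).name, ioc) for p, ioc in scan_tree(tmp))


if __name__ == "__main__":
    for filename, ioc in demo():
        print(f"{filename}: matches {ioc}")
```

Point `scan_tree` at a real project or extension directory to use it outside the demo; the tolerant patterns matter because indicators in lockfiles and in analyst notes rarely appear in exactly the form a plain string search expects.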