Copilot Readiness and Enterprise AI Security | Knostic Blog

Biggest Takedown of 2026 to Date? Glassworm: Targeting Developers at Scale

Written by Gadi Evron | May 28, 2026 8:57:13 PM

 

💡 Kirin runs in the developer's IDE and blocks malicious extensions and packages before they execute. Try it free for up to 5 licenses.

What happened

On May 26, 2026, CrowdStrike's Counter Adversary Operations team, in coordination with Google and the Shadowserver Foundation, disrupted Glassworm, a botnet that had been running against software developers since at least early 2025. CrowdStrike struck all four of Glassworm's command-and-control channels simultaneously: a Solana-blockchain dead-drop, a BitTorrent DHT lookup, Google Calendar event titles, and the conventional VPS infrastructure behind them. Infected machines can no longer receive new payloads.

It is one of the more interesting takedowns of the year, and a meaningful piece of work. It also tells every CISO something specific about where the next attack will come from.

 

Developers are the target

The operators behind Glassworm did not pick their victims at random. They systematically targeted software developers, a population that holds source code, cloud credentials, CI/CD secrets, package-registry tokens, and SSH keys, often all on the same laptop. One compromised developer cascades into a supply-chain compromise that reaches every customer downstream.

Glassworm's vectors map cleanly to a modern engineering workstation:

  • Trojanized VS Code extensions published to OpenVSX, masquerading as time trackers and code formatters, targeting not only VS Code but Cursor, Positron, Windsurf, VSCodium, and the broader IDE family.
  • Compromised npm and Python packages, running attacker code through postinstall hooks and setup scripts at dependency-install time, with no user prompt.
  • More than 300 poisoned GitHub repositories, with malicious code force-pushed into default branches using credentials harvested from earlier Glassworm infections.

The botnet ran cross-platform on Windows, macOS, and Linux. It deployed an information stealer, a credential harvester, and a full-featured Node.js remote access tool dubbed GlasswormRAT. Over the course of more than a year, the operators rotated their implementation from JavaScript to Rust to Zig and cycled through package ecosystems faster than the ecosystems could respond.

This is the new shape of supply-chain risk. Not "the dependencies in your production build." Every IDE, every extension, every MCP server, every npm and PyPI package on every engineer's laptop in your company.

 

The takedown is a reprieve, not a cure

CrowdStrike was direct about this in their report, and it is worth quoting:

Defending against these threats through after-the-fact detection alone is virtually impossible. Malicious packages are installed through dependency updates in seconds, and detections usually happen when the harm is already done.

The Glassworm operators are well-resourced. They built their C2 across blockchain, peer-to-peer, and legitimate web services specifically to survive takedowns. They have shifted programming languages three times. They will likely reconstitute. And the next campaign (Shai-Hulud, TeamPCP, whatever name attaches to it) will use the same playbook against the same population.

What changes the picture is not faster takedowns. It is moving the defense to where the malicious code actually executes: inside the developer's IDE.

 

How Kirin defends

Kirin runs in the developer's IDE (Cursor, Claude Code, VS Code) and inspects dependencies, extensions, and MCP connections in real time. Against a campaign with Glassworm's exact shape, Kirin is the inline brake.

Trojanized extensions in the IDE. Kirin inspects Cursor extensions and MCP connections at install and at activation. An extension that fetches and runs code from an external location on startup is the exact behavior Kirin is designed to recognize and block. Glassworm's primary entry path runs through this surface.

Compromised packages surfaced through the assistant. Kirin observes the dependencies the AI assistant is about to introduce, inspects them in real time, and blocks unsafe behavior before it lands. The "thousands of victims within minutes" window CrowdStrike describes is exactly the window Kirin closes for AI-assisted developer workflows.

Credentials at the endpoint. Kirin redacts and guards sensitive data flowing through the assistant, so even if a second-stage payload triggers, the cloud credentials, password-manager vaults, and SSH keys that GlasswormRAT is built to harvest are not readable in usable form. The infostealer-plus-credential-harvester pattern at the core of this campaign relies on the credentials being there to grab. Kirin removes that assumption.

Kirin is not a takedown. It is the defense that does not depend on one.

 

What CISOs should do this week

The Glassworm takedown gives every organization a free, time-bounded gift: a window where existing infections cannot receive new payloads. Use it.

  • Hunt for the CrowdStrike beacon. All Glassworm-infected machines now connect to 164.92.88[.]210. Review network logs and endpoint telemetry for that address. Any match is a confirmed infection that needs immediate remediation. CrowdStrike has also published YARA rules for the RAT and the downloader stage.
  • Inventory your developer agent surface. Which VS Code and Cursor extensions are installed across engineering laptops? Which MCP servers? Which AI agent skills? In most organizations, this list does not exist.
  • Plan and execute a defense. Deploy protection that blocks malicious extensions and packages at the moment of execution inside the IDE, not after the worm has touched the cloud or after the next takedown clears the air.
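As an added example for the inventory step above (this is not Kirin's or CrowdStrike's code), a Python script that lists installed IDE extensions from their package.json manifests, flagging unconditional startup activation and install-time npm lifecycle hooks, and lists the MCP servers configured in a Cursor-style mcp.json. The extension names, the MCP server entry and the temp-dir layout in demo_inventory() are constructed for the demo; on a real workstation point the two functions at ~/.vscode/extensions, ~/.cursor/extensions and ~/.cursor/mcp.json.

```python
import json
import tempfile
from pathlib import Path

# npm lifecycle hooks that run at dependency-install time without a user prompt.
INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}

def inventory_extensions(roots):
    """roots: {ide_name: extensions_dir}. One record per package.json, flagging
    unconditional startup activation ("*") and install-time lifecycle scripts."""
    records = []
    for ide, root in roots.items():
        for manifest in sorted(Path(root).glob("*/package.json")):
            try:
                pkg = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                records.append({"ide": ide, "dir": manifest.parent.name, "error": "unreadable manifest"})
                continue
            records.append({
                "ide": ide, "dir": manifest.parent.name,
                "id": f"{pkg.get('publisher', '?')}.{pkg.get('name', '?')}@{pkg.get('version', '?')}",
                "startup_activation": "*" in (pkg.get("activationEvents") or []),
                "install_hooks": sorted(INSTALL_HOOKS & set(pkg.get("scripts") or {})),
            })
    return records

def inventory_mcp_servers(config_path):
    """Cursor-style mcp.json ({"mcpServers": {name: {command, args}}}) -> {name: launch command line}."""
    path = Path(config_path)
    if not path.is_file():
        return {}
    cfg = json.loads(path.read_text(encoding="utf-8"))
    return {name: [srv.get("command", "")] + list(srv.get("args", []))
            for name, srv in (cfg.get("mcpServers") or {}).items()}

def demo_inventory():
    """Constructed workstation layout in a temp dir; extension and server names are made up."""
    base = Path(tempfile.mkdtemp()) / ".cursor"
    manifests = {  # one quiet extension, one that activates at startup and has a postinstall hook
        "acme.formatter-1.0.0": {"publisher": "acme", "name": "formatter", "version": "1.0.0",
                                 "activationEvents": ["onLanguage:python"]},
        "acme.timetracker-2.3.1": {"publisher": "acme", "name": "timetracker", "version": "2.3.1",
                                   "activationEvents": ["*"], "scripts": {"postinstall": "node setup.js"}},
    }
    for folder, pkg in manifests.items():
        (base / "extensions" / folder).mkdir(parents=True)
        (base / "extensions" / folder / "package.json").write_text(json.dumps(pkg))
    (base / "mcp.json").write_text(json.dumps(
        {"mcpServers": {"files": {"command": "npx", "args": ["-y", "example-mcp-server"]}}}))
    return inventory_extensions({"cursor": base / "extensions"}), inventory_mcp_servers(base / "mcp.json")
```

Records with startup_activation set or a non-empty install_hooks list are the ones to review first; the MCP map shows the exact command line each server launches with.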

Kirin is free for up to 5 licenses. It installs into Claude Code, Claude Cowork, Cursor, and VS Code in minutes. If your engineering team uses any of those today, you can have Glassworm-class protection running this week, without waiting for the next takedown.

 

Acknowledgments

CrowdStrike's Counter Adversary Operations team did the hard work here, alongside Google and the Shadowserver Foundation. Threat investigations like this matter because they buy defenders time. The job for the rest of us is to use that time to layer protection where the attacks land.

 
