Gate News reports that the security agency GoPlus has issued a warning indicating that GlassWorm has evolved from an early VS Code worm into a highly sophisticated supply chain attack framework that disguises itself as a Chrome extension to steal users’ sensitive data and cryptocurrency assets, with the threat scope continuously expanding.
The core of this attack relies on poisoning and covert code injection. Attackers manipulate npm and PyPI packages using special Unicode and PUA characters, embedding malicious loaders. These characters are difficult to identify in code review tools, allowing the malicious code to bypass traditional static analysis detection, contaminating the development environment from the source.
On the communication front, GlassWorm employs a more covert control method. It abandons traditional domain name servers and instead uses the Solana blockchain as a command and control channel, hiding instructions within on-chain transaction notes. This design enhances the attack infrastructure’s resistance to blocking, making it challenging to trace or cut off using conventional means.
At the endpoint, the attack is executed by disguising itself as a “Google Docs Offline” extension. This malicious extension can steal browser cookies, clipboard content, and browsing history. It also has keystroke logging and screenshot capabilities, and can monitor activity on hardware wallets such as Ledger and Trezor. Moreover, attackers may display phishing interfaces to lure users into entering their recovery phrases, thereby gaining direct control over digital assets.
GoPlus advises users to deploy detection tools capable of identifying hidden characters and to avoid installing software or plugins from unknown sources. Users should also be vigilant about unusual transaction signatures and transfer requests. If a device is suspected of being compromised, disconnect it from the network immediately and change all related account credentials to minimize potential losses.
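As an added illustration (not code from GoPlus or the original report), the following sketch shows the kind of hidden-character check this advice refers to: it flags runs of invisible Unicode and PUA code points in source text and reports each run's length, since a long run is more likely to carry embedded data than a stray character. The flagged ranges, function names, and sample file are assumptions of this example.

```python
# Code point ranges that render as nothing in most editors and diff views.
# Ranges are from the Unicode standard; which ones to flag is this example's choice.
HIDDEN_RANGES = [
    (0x200B, 0x200F, "zero-width or directional mark"),
    (0x202A, 0x202E, "bidi embedding or override"),
    (0x2060, 0x2069, "invisible operator or bidi isolate"),
    (0xFE00, 0xFE0F, "variation selector"),
    (0xFEFF, 0xFEFF, "zero-width no-break space"),
    (0xE000, 0xF8FF, "private use area (BMP)"),
    (0xE0000, 0xE007F, "tag character"),
    (0xE0100, 0xE01EF, "variation selector supplement"),
    (0xF0000, 0x10FFFD, "private use area (planes 15-16)"),
]

def classify(ch):
    """Return a label if ch is a hidden character, else None."""
    cp = ord(ch)
    return next((name for lo, hi, name in HIDDEN_RANGES if lo <= cp <= hi), None)

def find_hidden_runs(text, min_run=1):
    """Return (line, column, length, labels) for each run of hidden characters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # A single byte-order mark at the very start of a file is benign.
        col = 1 if lineno == 1 and line.startswith("\ufeff") else 0
        while col < len(line):
            start, labels = col, set()
            while col < len(line) and classify(line[col]):
                labels.add(classify(line[col]))
                col += 1
            if col - start >= max(min_run, 1):
                findings.append((lineno, start + 1, col - start, sorted(labels)))
            col += 1 if col == start else 0  # step past a visible character
    return findings

# Constructed sample: a JavaScript file whose string literal looks empty in an editor.
SAMPLE = (
    "\ufeffconst util = require('./util');\n"
    "const banner = '" + "".join(chr(0xFE00 + i) for i in range(12)) + "';\n"
    "let n = 1;\U000e0041\ue000\n"
)

if __name__ == "__main__":
    for line, col, length, labels in find_hidden_runs(SAMPLE):
        print(f"line {line} col {col}: {length} hidden char(s): {', '.join(labels)}")
```

Raising `min_run` suppresses isolated characters such as a lone emoji variation selector while still reporting long runs.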