solana

This Malware Hides Its Command Server in the Blockchain, and Borrows Google Calendar Too

John Z Black Mar 27, 2026

Threat Intelligence #malware #blockchain #solana #developer-security #supply-chain #glassworm #npm #c2

GlassWorm targets developers through compromised npm, PyPI, and GitHub packages. Its C2 address is hidden in a Solana blockchain memo. You can't take down a blockchain transaction.