
Hidden in Plain Sight: How Glassworm Hid Malware in Code
On May 26, 2026, CrowdStrike, Google, and Shadowserver shut down the Glassworm botnet, which had infected 433 open-source packages since early 2025. The malware used invisible Unicode characters to embed itself in code, a technique that let it survive developer review while remaining active. This marks a real escalation in how attackers compromise software supply chains.
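
A defender-side check for the technique described above, added here as an example and not code from the page or from CrowdStrike, Google or Shadowserver: it reports runs of invisible Unicode characters in source text. The set of code points treated as invisible, the `min_run` threshold and the sample file are assumptions, since the page does not name the characters Glassworm used.

```python
import unicodedata

# Assumption: "invisible" means Unicode format characters (category Cf:
# zero-width, bidi controls, tag characters) plus the variation selectors.
# The page does not say which code points Glassworm used.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def is_invisible(ch):
    if unicodedata.category(ch) == "Cf":
        return True
    return any(lo <= ord(ch) <= hi for lo, hi in VARIATION_SELECTORS)


def scan_source(text, min_run=4):
    """Return (line, column, run_length, suspicious) per invisible run.

    Line and column are 1-based. A run of at least min_run characters is
    marked suspicious; shorter runs (an emoji joiner, say) are still
    reported for review. A byte-order mark at file start is ignored.
    """
    if text.startswith("\ufeff"):
        text = " " + text[1:]  # drop the BOM but keep columns aligned
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            run = col - start
            findings.append((line_no, start + 1, run, run >= min_run))
    return findings


# Constructed sample: a JavaScript-like file whose second line hides 12
# variation selectors in an empty-looking string; line 3 is a normal emoji.
HIDDEN = "".join(chr(0xFE00 + i) for i in range(12))
SAMPLE = (
    "const greeting = 'hello';\n"
    "const blob = '" + HIDDEN + "';\n"
    "const label = '\U0001F469\u200D\U0001F4BB';\n"
)

if __name__ == "__main__":
    for line, col, run, suspicious in scan_source(SAMPLE):
        print(line, col, run, "SUSPICIOUS" if suspicious else "review")
```

Run as a pre-merge or registry-ingest check, the short runs it reports for review are mostly emoji joiners and bidi marks in localized strings; long runs inside string literals or comments are the ones to block and inspect.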