Hacker-City
Technology | March 25, 2026 | 2 min read

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

A sophisticated malware campaign called GlassWorm is leveraging Solana blockchain dead drops to deliver remote access trojans and steal sensitive browser and cryptocurrency data from victims.

#malware #blockchain #solana #cryptocurrency #rat #browser security #data theft #cybercrime #dead drops

Author: Ravie Lakshmanan
Date: Mar 25, 2026
Categories: Browser Security / Threat Intelligence

Cybersecurity researchers have identified a sophisticated malware campaign known as GlassWorm that employs an innovative approach to command and control communications. The malware utilizes Solana blockchain dead drops to deliver remote access trojans (RATs) and exfiltrate sensitive data from victims' browsers and cryptocurrency wallets.

This campaign marks a notable advancement in cybercriminal methodology, exploiting blockchain technology's decentralized architecture to establish covert communication channels that present significant challenges for security teams and law enforcement agencies attempting to track or disrupt operations.

Technical Capabilities of GlassWorm

The GlassWorm malware campaign incorporates several advanced features that distinguish it from conventional threats:

  • Blockchain-Based Communication: Employs Solana blockchain transactions to conceal command and control infrastructure
  • Comprehensive Browser Targeting: Extracts stored credentials, session cookies, and browsing histories
  • Cryptocurrency-Focused Attacks: Specifically engineered to compromise crypto wallet data and extract private keys
  • Persistent Access Mechanisms: Deploys remote access trojans to maintain long-term system compromise

Attack Methodology

The malware's operational framework centers on embedding malicious commands and exfiltrated data within legitimate Solana blockchain transactions. This technique transforms the public blockchain ledger into a covert communication medium, significantly complicating detection and remediation efforts for cybersecurity professionals.

Initial compromise typically occurs through established attack vectors, including malicious email attachments and compromised web resources. Following successful installation, the malware systematically harvests valuable information while maintaining stealth communications with threat actors through the blockchain-based infrastructure.
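
A defender-side hunt for the channel described above, added here as an example and not taken from the article or from any researcher's tooling. It assumes that a process reading a blockchain dead drop has to query a Solana RPC endpoint, so it flags endpoint telemetry where a process outside an expected set does so. The event format, host names and allowlist are constructed or hypothetical, and the `rpc_method` field is only available where TLS inspection is in place.

```python
import json
from collections import defaultdict

# Public Solana JSON-RPC endpoints; extend with the RPC providers seen in your network.
SOLANA_RPC_HOSTS = {
    "api.mainnet-beta.solana.com",
    "api.devnet.solana.com",
    "api.testnet.solana.com",
}
# Read-only lookups a dead-drop reader would need (visible only with TLS inspection).
READ_METHODS = {"getSignaturesForAddress", "getTransaction"}
# Hypothetical allowlist: processes expected to reach Solana RPC in this environment.
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "brave.exe"}

# Constructed sample telemetry (one JSON event per line); not real data.
SAMPLE_EVENTS = """\
{"host":"wks-014","process":"chrome.exe","dest":"api.mainnet-beta.solana.com","rpc_method":"getBalance"}
{"host":"wks-014","process":"node.exe","dest":"api.mainnet-beta.solana.com","rpc_method":"getSignaturesForAddress"}
{"host":"wks-014","process":"node.exe","dest":"API.mainnet-beta.solana.com.","rpc_method":"getTransaction"}
{"host":"wks-022","process":"powershell.exe","dest":"api.mainnet-beta.solana.com","rpc_method":null}
{"host":"wks-022","process":"outlook.exe","dest":"outlook.office365.com","rpc_method":null}
not-json garbage line
"""

def hunt(lines, allowed=ALLOWED_PROCESSES):
    """Group Solana RPC connections from non-allowlisted processes by (host, process)."""
    findings = defaultdict(lambda: {"connections": 0, "read_methods": set()})
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the hunt
        if not isinstance(event, dict):
            continue
        # Normalise case and a trailing root dot before comparing hostnames.
        dest = str(event.get("dest", "")).lower().rstrip(".")
        proc = str(event.get("process", "")).lower()
        if dest not in SOLANA_RPC_HOSTS or proc in allowed:
            continue
        entry = findings[(str(event.get("host")), proc)]
        entry["connections"] += 1
        method = event.get("rpc_method")
        if isinstance(method, str) and method in READ_METHODS:
            entry["read_methods"].add(method)
    return dict(findings)

if __name__ == "__main__":
    for (host, proc), entry in sorted(hunt(SAMPLE_EVENTS.splitlines()).items()):
        print(host, proc, entry["connections"], sorted(entry["read_methods"]))
```

A hit is a triage lead, not a verdict: developer tooling and wallet software outside the allowlist will also match, so review the parent process and what else the host contacted.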

Industry Impact and Concerns

This development highlights an emerging trend where cybercriminals increasingly leverage blockchain technology for malicious operations. The exploitation of blockchain's inherent characteristics—decentralization, immutability, and persistence—enables threat actors to construct resilient criminal infrastructure that traditional security measures struggle to counter effectively.
