A significant evolution of the GlassWorm campaign has emerged, deploying a sophisticated multi-stage framework that leverages Solana blockchain transactions as "dead drops" for covert command and control [1]. This advanced threat delivers a remote access trojan (RAT) which subsequently installs a malicious Google Chrome extension, deceptively presented as an offline version of Google Docs. The extension is engineered to harvest extensive sensitive data, including keystrokes, browser cookies, and session tokens, alongside capturing screenshots and exfiltrating cryptocurrency-related information. The comprehensive data theft capabilities highlight a persistent and adaptive adversary. This operation represents a critical shift, moving beyond typical criminal motivations to potentially state-aligned activity, altering the threat landscape from purely financial to geopolitical considerations and demanding a recalibrated defensive posture for organizations.
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
⚡ High Priority
Why This Matters
State-aligned activity involving Google shifts the threat model from criminal to geopolitical — different playbook required.
References
- The Hacker News. (2026, March 25). GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data. *The Hacker News*. https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html
Original Source
The Hacker News