Threat researchers discovered GlassWASM, a WebAssembly-based malware distributed via trojanized extensions on the Open VSX marketplace. The malware uses ChaCha20 encryption to evade static analysis and leverages the Solana blockchain as a resilient C2 dead-drop to retrieve and execute OS-specific second-stage payloads via Node.js.