March 17, 2026

Ravie Lakshmanan, Mar 16, 2026, Malware / Cryptocurrency

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories.

“The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py,” StepSecurity said. “Anyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware.”

According to the software supply chain security company, the earliest injections date back to March 8, 2026. The attackers, upon gaining access to the developer accounts, rebase the latest legitimate commits on the default branch of the targeted repositories with malicious code, and then force-push the changes, while keeping the original commit’s message, author, and author date intact.

This new offshoot of the GlassWorm campaign has been codenamed ForceMemo. The attack plays out over the following four steps –

  • Compromise developer systems with GlassWorm malware via malicious VS Code and Cursor extensions. The malware includes a dedicated component to steal secrets, such as GitHub tokens.
  • Use the stolen credentials to force-push malicious changes to every repository managed by the breached GitHub account by rebasing obfuscated malware into Python files named “setup.py,” “main.py,” or “app.py.”
  • The Base64-encoded payload, appended to the end of the Python file, features GlassWorm-like checks to determine if the system has its locale set to Russian. If so, it skips execution. In all other cases, the malware queries the transaction memo field associated with a Solana wallet (“BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC”) previously linked to GlassWorm to extract the payload URL.
  • Download additional payloads from the server, including encrypted JavaScript that is designed to steal cryptocurrency and data.
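A defender-side check for the injection pattern described in the steps above, added here as an example and not code from StepSecurity or the article: it inspects the tail of setup.py, main.py and app.py in a checkout for a long Base64 literal handed to exec/eval, decodes the literal, and looks for the Solana wallet address the report names. The sample injected file it builds is a constructed stand-in, not the real payload; the regex thresholds and the 40-line tail window are assumptions.

```python
"""Scan a checkout for an obfuscated Base64 block appended to setup.py / main.py / app.py."""
import base64
import re
from pathlib import Path

TARGET_FILES = {"setup.py", "main.py", "app.py"}
# Solana address the report ties to the GlassWorm C2 memo channel
KNOWN_C2_WALLET = "BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC"
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/=]{200,})['"]""")  # assumed threshold
DECODE_EXEC = re.compile(r"\b(?:exec|eval)\s*\(.*?b64decode", re.S)
TAIL_LINES = 40  # the payload is appended to the end of the file (window is an assumption)


def inspect_source(text: str) -> list[str]:
    """Return findings for one file's contents (empty list means nothing suspicious)."""
    findings = []
    tail = "\n".join(text.splitlines()[-TAIL_LINES:])
    if DECODE_EXEC.search(tail):
        findings.append("tail decodes Base64 and hands it to exec/eval")
    for match in B64_LITERAL.finditer(tail):
        literal = match.group(1)
        try:
            decoded = base64.b64decode(literal, validate=True)
        except ValueError:  # not well-formed Base64 (bad padding or length)
            continue
        findings.append(f"tail carries a {len(literal)}-char Base64 literal")
        if KNOWN_C2_WALLET.encode() in decoded:
            findings.append("decoded literal names the known GlassWorm C2 wallet")
    if KNOWN_C2_WALLET in text:
        findings.append("file names the known GlassWorm C2 wallet in clear text")
    return findings


def scan_repo(root: Path) -> dict[str, list[str]]:
    """Map each flagged target file (path relative to root) to its findings."""
    report = {}
    for path in root.rglob("*.py"):
        if path.name in TARGET_FILES:
            findings = inspect_source(path.read_text(errors="replace"))
            if findings:
                report[str(path.relative_to(root))] = findings
    return report


def constructed_sample() -> str:
    """A constructed stand-in for an injected setup.py; NOT the real payload."""
    inner = "# constructed filler\n" * 10 + f"WALLET = '{KNOWN_C2_WALLET}'\n"
    blob = base64.b64encode(inner.encode()).decode()
    return ("from setuptools import setup\nsetup(name='demo')\n"
            f"import base64\nexec(base64.b64decode('{blob}'))\n")
```

Run `scan_repo(Path("."))` inside a checkout to get a per-file report; a clean file yields no findings, while the constructed sample trips all three tail checks.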

“The earliest transaction on the C2 address dates to November 27, 2025 — over three months before the first GitHub repo injections on March 8, 2026,” StepSecurity said. “The address has 50 transactions total, with the attacker regularly updating the payload URL, sometimes multiple times per day.”

The disclosure comes as Socket flagged a new iteration of GlassWorm that retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload through a transitive distribution model.

In tandem, Aikido Security also attributed the GlassWorm author to a mass campaign that compromised more than 151 GitHub repositories with malicious code concealed using invisible Unicode characters. Interestingly, the decoded payload is configured to fetch the C2 instructions from the same Solana wallet, indicating that the threat actor has been targeting GitHub repositories in multiple waves.

The use of different delivery methods and code obfuscation techniques, but the same Solana infrastructure, suggests ForceMemo is a new delivery vector maintained and operated by the GlassWorm threat actor, who has now expanded from compromising VS Code extensions to broader GitHub account takeover.

“The attacker injects malware by force-pushing to the default branch of compromised repositories,” StepSecurity noted. “This technique rewrites git history, preserves the original commit message and author, and leaves no pull request or commit trail in GitHub’s UI. No other documented supply chain campaign uses this injection method.”
