The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories, including Django apps, ML research code, Streamlit dashboards, and PyPI packages. According to StepSecurity, attackers gain access to developer accounts, rebase the latest legitimate commits on the default branch, and force-push changes while keeping the original commit message, author, and author date intact.
The attack, named ForceMemo, begins with the compromise of developer systems through malicious VS Code and Cursor extensions, followed by the theft of secrets such as GitHub tokens and the use of those credentials to push obfuscated malware to repositories. The Base64 payload appended to Python files checks whether the system locale is Russian and, if not, contacts a Solana wallet to fetch the payload URL before downloading additional payloads, including encrypted JavaScript designed to steal cryptocurrency and data.
The earliest injections date from 8 March 2026, and the campaign’s C2 activity is said to date back to 27 November 2025, with 50 transactions observed on the address.
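Two defender-side checks that follow from the description above, written as an added example (not StepSecurity's or the reporting's own code): a rebase-and-force-push preserves the author date but git stamps a fresh committer date on the rewritten commit, so the two timestamps drift apart; and a Python file whose last statement decodes or executes a long Base64 literal is worth a look. The log format, sample commit lines, and sample source are constructed for this example.

```python
"""Heuristics for the ForceMemo-style history rewrite described above."""
import re

# Expected input: one commit per line from
#   git log --format='%H|%an|%at|%cn|%ct|%s' origin/main
LOG_FIELDS = ("sha", "author", "author_ts", "committer", "committer_ts", "subject")

# Constructed sample log: the third commit was rebased and force-pushed days later,
# so its committer timestamp is far ahead of its preserved author timestamp.
SAMPLE_LOG = """\
a1b2c3d|alice|1772950000|alice|1772950000|Add login view
b2c3d4e|bob|1773036400|bob|1773036400|Fix typo in README
c3d4e5f|alice|1773122800|alice|1773900000|Update requirements
"""

# A quoted run of 200+ Base64 characters (with optional padding).
BASE64_BLOB = re.compile(r"""['"]([A-Za-z0-9+/]{200,}={0,2})['"]""")


def parse_log(text):
    """Parse pipe-delimited git log lines into dicts (the subject may itself contain '|')."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = dict(zip(LOG_FIELDS, line.split("|", 5)))
        entry["author_ts"] = int(entry["author_ts"])
        entry["committer_ts"] = int(entry["committer_ts"])
        commits.append(entry)
    return commits


def rewritten_commits(text, max_drift_seconds=3600):
    """Return SHAs whose committer date lags the preserved author date by more than max_drift_seconds.

    Legitimate rebases trigger this too, so treat hits as review items, not verdicts.
    """
    return [c["sha"] for c in parse_log(text)
            if c["committer_ts"] - c["author_ts"] > max_drift_seconds]


def has_appended_base64_payload(source):
    """Flag Python source whose final line decodes or executes a long Base64 literal."""
    tail = source.rstrip().rsplit("\n", 1)[-1]
    return bool(BASE64_BLOB.search(tail)) and ("b64decode" in tail or "exec(" in tail)
```

Run `rewritten_commits` over the default branch after every fetch that was not a fast-forward, and `has_appended_base64_payload` over changed `.py` files in the same commits.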