A variant of the GlassWorm attack abuses stolen GitHub tokens to inject malicious code into Python projects at mass scale. The campaign lets attackers carry out silent supply chain attacks on many repositories at once and infects developers and users through one of the most commonly used developer commands, pip install.

The attack targeted almost every widely used category of Python project, including Django apps, machine learning code, Streamlit dashboards, and PyPI packages. In this extended variant, malicious code is appended to key files such as setup.py, main.py, or app.py.

The malware activates when a user installs or runs the code.
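Because the loader is appended to files that run at install or import time, a cheap defensive check is a static scan of setup.py, main.py and app.py for code-execution sinks fed by decoded blobs at module scope. The following is an added example written for this article, not code from the researchers or from any affected project; the sample files, the sink and decoder name lists and the severity labels are constructed assumptions, and the scan is a heuristic that flags constructs rather than proving maliciousness.

```python
"""Static scan of packaging/entry-point files for loader patterns such as
exec(<decoded blob>) at import time. Added example; heuristic only."""
import ast
import base64

# Constructed sample: a clean setup.py and the same file with an appended
# loader (the blob here only encodes a harmless print statement).
CLEAN_SETUP = '''\
from setuptools import setup

setup(name="demo", version="1.0", packages=["demo"])
'''
_blob = base64.b64encode(b"print('stage two would run here')").decode()
TAMPERED_SETUP = CLEAN_SETUP + f'''
import base64
exec(base64.b64decode("{_blob}"))
'''

# Assumed signal lists (not from the article).
EXEC_SINKS = {"exec", "eval", "compile", "__import__"}
DECODERS = {"b64decode", "b32decode", "a85decode", "decompress", "unhexlify", "decode"}
LONG_LITERAL = 120  # chars without spaces; constructed threshold for opaque blobs


def _call_name(node):
    """'exec' for exec(...), 'b64decode' for base64.b64decode(...), else None."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _contains_decoder(node):
    """True if any call inside `node` is one of the known decoders."""
    return any(isinstance(n, ast.Call) and _call_name(n) in DECODERS for n in ast.walk(node))


def scan_source(src, filename="<src>"):
    """Return sorted (lineno, message) findings for one Python source file."""
    findings = []
    try:
        tree = ast.parse(src, filename)
    except SyntaxError as e:
        return [(e.lineno or 0, "medium: file does not parse (cannot be audited)")]

    # Statements outside def/class bodies execute on import (or on pip install
    # for setup.py), which is exactly where an appended loader has to live.
    top_level = set()
    for stmt in tree.body:
        if not isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            top_level.update(id(n) for n in ast.walk(stmt))

    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in EXEC_SINKS:
                sev = "high" if any(_contains_decoder(a) for a in node.args) else "medium"
                where = "at import time" if id(node) in top_level else "inside a function"
                findings.append((node.lineno, f"{sev}: call to {name}() {where}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if len(node.value) >= LONG_LITERAL and " " not in node.value:
                findings.append((node.lineno, "medium: long opaque string literal"))
    return sorted(findings)


def scan_files(files):
    """Scan a {filename: source} mapping; returns {filename: findings} for hits only."""
    report = {}
    for name, src in files.items():
        hits = scan_source(src, name)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for fname, hits in scan_files({"setup.py": CLEAN_SETUP, "setup.py.tampered": TAMPERED_SETUP}).items():
        for lineno, msg in hits:
            print(f"{fname}:{lineno}: {msg}")
```

In practice this runs in CI against the checked-out tree before any `pip install -e .` or test step, so a loader that arrived through a rewritten branch is caught before the installer executes it.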
In the second phase, attackers use GlassWorm to compromise developer accounts and then:
rebase legitimate commits
inject obfuscated malicious code
force-push the rewritten branch to the default branch
preserve the original commit metadata
This makes the attack nearly invisible in GitHub's UI. This fresh form of the campaign is known as ForceMemo and works in multiple phases:
Attack VS Code or Cursor extensions to compromise developers
Steal secrets, including GitHub tokens
Force-push malicious changes across repositories
Deliver payloads via a Solana wallet
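The rebase-and-force-push technique described above (and the force-push phase just listed) is hard to see in the web UI, but it leaves two traces in the repository itself: a rebase keeps each commit's author name, email and date while stamping a new committer identity and date, and a force-push replaces the branch head with one from which the previously known head is no longer reachable. The following is an added example for this article, not code from the researchers or from GitHub; the log lines, SHAs, identities and the one-day lag threshold are constructed assumptions, and the input format is the output of `git log --format='%H|%P|%an|%ae|%at|%cn|%ce|%ct|%s'` (newest commit first).

```python
"""Heuristic detector for rebased-and-force-pushed branches.

Added example. Assumptions: `git log` output is newest-first; a rebase
preserves author metadata but refreshes committer identity/date; a
fast-forward push keeps the old head reachable from the new one.
"""
from dataclasses import dataclass
from datetime import timedelta

# Constructed sample of git log --format='%H|%P|%an|%ae|%at|%cn|%ce|%ct|%s':
# fake SHAs; the middle commit was re-committed ~30 days after it was
# authored and the head commit was re-committed by a different identity.
SAMPLE_LOG = "\n".join([
    "3" * 40 + "|" + "5" * 40 + "|Bob Dev|bob@example.com|1700007200"
    "|Mallory|mallory@example.net|1702602000|Add API endpoint",
    "5" * 40 + "|" + "1" * 40 + "|Alice Dev|alice@example.com|1700003600"
    "|Alice Dev|alice@example.com|1702598400|Add user model",
    "1" * 40 + "||Alice Dev|alice@example.com|1700000000"
    "|Alice Dev|alice@example.com|1700000000|Initial commit",
])

# Head SHA a CI job recorded for the default branch before this push
# (constructed; in practice store it in CI state or a signed tag).
KNOWN_HEAD = "2" * 40


@dataclass
class Commit:
    sha: str
    parents: list
    author: str
    author_email: str
    author_time: int
    committer: str
    committer_email: str
    commit_time: int
    subject: str


def parse_log(text: str) -> list:
    """Parse the pipe-separated format above into Commit records."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|", 8)  # subject may itself contain '|'
        if len(fields) != 9:
            raise ValueError(f"malformed log line: {line!r}")
        sha, parents, an, ae, at, cn, ce, ct, subject = fields
        commits.append(Commit(sha, parents.split(), an, ae, int(at), cn, ce, int(ct), subject))
    return commits


def find_rewritten_commits(commits, max_lag=timedelta(days=1)):
    """(sha, reason) for commits whose committer metadata differs from the
    author metadata in a way that suggests they were re-created later."""
    findings = []
    for c in commits:
        if (c.committer, c.committer_email) != (c.author, c.author_email):
            findings.append((c.sha, f"committer {c.committer_email} != author {c.author_email}"))
        lag = c.commit_time - c.author_time
        if lag > max_lag.total_seconds():
            findings.append((c.sha, f"committed {lag // 86400} days after it was authored"))
    return findings


def history_rewritten(known_head: str, commits) -> bool:
    """True if the previously recorded head is not an ancestor of the current
    head, i.e. the branch was force-pushed rather than fast-forwarded."""
    if not commits:
        return False
    by_sha = {c.sha: c for c in commits}
    stack, seen = [commits[0].sha], set()
    while stack:
        sha = stack.pop()
        if sha == known_head:
            return False
        if sha in seen or sha not in by_sha:
            continue
        seen.add(sha)
        stack.extend(by_sha[sha].parents)
    return True


def audit(log_text: str, known_head: str) -> dict:
    """Combine both checks into one report for a branch."""
    commits = parse_log(log_text)
    return {
        "force_pushed": history_rewritten(known_head, commits),
        "suspicious": find_rewritten_commits(commits),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, KNOWN_HEAD)
    print("force-push detected:", report["force_pushed"])
    for sha, reason in report["suspicious"]:
        print(sha[:12], reason)
```

Neither signal is proof on its own (maintainers rebase legitimately, and committer identity can be set to anything), but a non-fast-forward update of the default branch combined with commits re-stamped weeks after authoring is exactly the shape of the rewrite described above and is worth an alert; enabling branch protection that forbids force-pushes removes the first signal entirely.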
The Base64 payload checks the host's locale and does not execute if it is set to Russian. Otherwise, it fetches the next-stage URL from Solana transaction data. Further payloads are then retrieved, such as encrypted JavaScript designed to steal cryptocurrency and information. Anyone running pip install from a malicious repository, or cloning and running the code, will trigger the malware. The researchers also observed the same Solana infrastructure being reused but delivered in different ways, suggesting a campaign that can scale and evolve.

The techniques seen in GlassWorm reveal a new level of supply chain attack sophistication: attackers don't publish packages containing malware but instead take over existing repositories and plant code without changing the visible history.
This creates a particularly menacing threat, where even trusted projects can be compromised silently.