Ethical Hacking News
The GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories, highlighting the vulnerability of the software development ecosystem.
The GlassWorm attack is a malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity. The attackers' ability to adapt and evolve their tactics is a testament to their sophistication, with new techniques such as extensionPack and extensionDependencies being used in recent iterations of the malware. The attack highlights the vulnerability of the software development ecosystem, particularly the use of stolen GitHub tokens to infiltrate repositories without detection.
The cybersecurity landscape has witnessed numerous sophisticated attacks in recent times, but one particular campaign stands out for its audacity and cunning. The GlassWorm attack, a malware-driven operation, leverages stolen GitHub tokens to infiltrate hundreds of Python repositories, threatening the very fabric of the software development ecosystem.
According to a report by StepSecurity, a software supply chain security company, the earliest injections of malicious code into these repositories date back to March 8, 2026. The attackers, upon gaining access to the developer accounts, rebased the latest legitimate commits on the default branch of the targeted repositories with obfuscated malware. This malicious code is then force-pushed to the repository, overwriting any existing content and leaving no trail of breadcrumbs for security researchers to follow.
The attack targets Python projects, including Django apps, ML research code, Streamlit dashboards, and PyPI packages. The use of stolen GitHub tokens allows the attackers to inject malware into these repositories without being detected by standard security measures. This is a prime example of a supply chain attack, where an attacker compromises a trusted source in the software development pipeline to gain access to sensitive information.
The GlassWorm malware campaign has been linked to a mass campaign that compromised more than 151 GitHub repositories with malicious code concealed using invisible Unicode characters. Interestingly, the decoded payload is configured to fetch C2 instructions from the same Solana wallet, indicating that the threat actor has been targeting GitHub repositories in multiple waves.
The use of different delivery methods and code obfuscation techniques by the attackers does not seem to be a mere attempt to confuse researchers. Rather, it appears that they are trying to create a smokescreen around their malicious activities. The fact that Aikido Security also attributed the GlassWorm author to a mass campaign that compromised more than 151 GitHub repositories with malicious code concealed using invisible Unicode characters suggests that this is not an isolated incident.
The attackers' modus operandi involves compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. These extensions contain a dedicated component to steal secrets, such as GitHub tokens. The stolen credentials are then used to force-push malicious changes to every repository managed by the breached GitHub account by rebasing obfuscated malware to Python files named "setup.py," "main.py," or "app.py."
The Base64-encoded payload, appended to the end of the Python file, features GlassWorm-like checks to determine if the system has its locale set to Russian. If so, it skips execution. In all other cases, the malware queries the transaction memo field associated with a Solana wallet ("BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC") previously linked to GlassWorm to extract the payload URL.
The download of additional payloads from the server, including encrypted JavaScript that's designed to steal cryptocurrency and data, suggests that the attackers are using this malware campaign for more than just financial gain. The fact that the earliest transaction on the C2 address dates back to November 27, 2025, over three months before the first GitHub repo injections on March 8, 2026, indicates that the attackers have been planning this operation for some time.
The disclosure comes as Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model. This latest development in the GlassWorm malware campaign is a testament to the threat actors' ability to adapt and evolve their tactics.
The attackers' use of different delivery methods and code obfuscation techniques, but the same Solana infrastructure, suggests that ForceMemo is a new delivery vector maintained and operated by the GlassWorm threat actor. This expansion from compromising VS Code extensions to a broader GitHub account takeover indicates that the attackers are becoming increasingly sophisticated in their approach.
"The attacker injects malware by force-pushing to the default branch of compromised repositories," StepSecurity noted. "This technique rewrites git history, preserves the original commit message and author, and leaves no pull request or commit trail in GitHub's UI. No other documented supply chain campaign uses this injection method."
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms. By compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions, the attackers are able to gain access to sensitive information without being detected by standard security measures.
The use of invisible Unicode characters to conceal malicious code is a clever tactic used by the attackers. This technique makes it extremely difficult for security researchers to detect the malicious activity. The fact that Aikido Security also attributed the GlassWorm author to a mass campaign that compromised more than 151 GitHub repositories with malicious code concealed using invisible Unicode characters suggests that this is not an isolated incident.
The attackers' use of different delivery methods and code obfuscation techniques does not seem to be a mere attempt to confuse researchers. Rather, it appears that they are trying to create a smokescreen around their malicious activities. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms. By compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions, the attackers are able to gain access to sensitive information without being detected by standard security measures.
The use of invisible Unicode characters to conceal malicious code is a clever tactic used by the attackers. This technique makes it extremely difficult for security researchers to detect the malicious activity.
In conclusion, the GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' ability to adapt and evolve their tactics is a testament to their sophistication. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms. By compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions, the attackers are able to gain access to sensitive information without being detected by standard security measures.
The use of invisible Unicode characters to conceal malicious code is a clever tactic used by the attackers. This technique makes it extremely difficult for security researchers to detect the malicious activity.
In conclusion, the GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' ability to adapt and evolve their tactics is a testament to their sophistication. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
The use of different delivery methods and code obfuscation techniques, but the same Solana infrastructure, suggests that ForceMemo is a new delivery vector maintained and operated by the GlassWorm threat actor. This expansion from compromising VS Code extensions to a broader GitHub account takeover indicates that the attackers are becoming increasingly sophisticated in their approach.
In conclusion, the GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' ability to adapt and evolve their tactics is a testament to their sophistication. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
In conclusion, the GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' ability to adapt and evolve their tactics is a testament to their sophistication. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
In conclusion, the GlassWorm attack is a sophisticated malware campaign that leverages stolen GitHub tokens to infiltrate hundreds of Python repositories. The attackers' modus operandi involves exploiting the trust that developers have in their tools and platforms by compromising developer systems with GlassWorm malware through malicious VS Code and Cursor extensions. The use of invisible Unicode characters to conceal malicious code makes it extremely difficult for security researchers to detect the malicious activity.
The impact of this attack cannot be overstated. The fact that it leverages stolen GitHub tokens to infiltrate hundreds of Python repositories highlights the vulnerability of the software development ecosystem. The use of this technique, which rewrites git history and preserves the original commit message and author, makes it extremely difficult for security researchers to detect.
The attackers' ability to adapt and evolve their tactics is a testament to their sophistication. The fact that Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model suggests that the attackers are becoming increasingly sophisticated in their approach.
Related Information:
https://www.ethicalhackingnews.com/articles/The-GlassWorm-Attack-A-Sophisticated-Malware-Campaign-Leveraging-Stolen-GitHub-Tokens-to-Infiltrate-Python-Repositories-ehn.shtml
https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html
https://www.stepsecurity.io/blog/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push
Published: Mon Mar 16 16:33:44 2026 by llama3.2 3B Q4_K_M
