GlassWorm Malware - GitHub Tokens Used to Inject Python Malware
Basically, hackers are using stolen GitHub tokens to sneak malware into Python projects.
The GlassWorm malware campaign is exploiting stolen GitHub tokens to inject malicious code into Python repositories. Because the attack targets popular projects, developers need to secure their environments now. Immediate action is needed to prevent further compromises.
What Happened
The GlassWorm malware campaign has taken a dangerous turn, utilizing stolen GitHub tokens to inject malware into numerous Python repositories. This ongoing attack has been identified by StepSecurity, revealing that it targets a wide range of Python projects, including Django applications, machine learning research code, Streamlit dashboards, and PyPI packages. The malicious code is cleverly appended to essential files such as setup.py, main.py, and app.py, making it particularly insidious.
The earliest known injections began on March 8, 2026, and the attack unfolds through a series of calculated steps. Initially, the attackers compromise developer systems by deploying GlassWorm malware via malicious Visual Studio Code and Cursor extensions. This malware is designed specifically to steal sensitive information, including GitHub tokens, which are then exploited to force-push malicious changes to the affected repositories.
Who's Being Targeted
The attack primarily affects developers working on Python projects hosted on GitHub. This includes a diverse array of applications, from web frameworks like Django to various libraries and tools available on the Python Package Index (PyPI). Anyone who runs pip install from a compromised repository or clones and executes the altered code risks activating the malware, which can lead to severe consequences such as data exfiltration and unauthorized cryptocurrency transactions.
The implications of this attack are significant: it not only compromises individual projects but also undermines trust in the broader Python ecosystem. Developers must remain vigilant, as the attack's reach could affect any user interacting with the compromised repositories.
Signs of Infection
Infected repositories will have obfuscated code inserted into critical Python files, typically at the end of the file. This code includes a Base64-encoded payload that checks the system's locale; if it detects a Russian setting, it will skip execution. Otherwise, it queries a specific Solana wallet for further payload URLs, enabling the download of additional malicious components designed to steal cryptocurrency and sensitive data.
The method of injection is particularly concerning. By force-pushing changes to the default branch of compromised repositories, attackers rewrite Git history, preserving the original commit message and author details. This technique leaves no visible trace in GitHub's user interface, making detection and remediation challenging.
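A heuristic scanner for the pattern just described (a Base64 blob appended to setup.py, main.py or app.py and handed to exec), added here as an example and not tooling from StepSecurity or The Hacker News; the sample repository, the 64-character minimum blob length and the keyword list are assumptions.

```python
"""Flag Python files whose tail decodes a long Base64 literal into exec()/eval().

Constructed example. The sample files below are constructed and harmless; the
stand-in payload decodes to a benign print, not to real GlassWorm code.
"""
import base64
import re

# Files the article names as the usual injection points.
TARGET_FILES = {"setup.py", "main.py", "app.py"}

# A b64decode(...) call on a long quoted literal (minimum length assumed: 64 chars)
# plus an exec/eval call somewhere in the same tail region.
B64_CALL = re.compile(r"b64decode\(\s*[\"']([A-Za-z0-9+/=]{64,})[\"']\s*\)")
EXEC_CALL = re.compile(r"\b(exec|eval)\s*\(")


def scan_source(text: str, tail_lines: int = 20) -> dict:
    """Inspect only the last lines, where the article says the payload is appended."""
    tail = "\n".join(text.splitlines()[-tail_lines:])
    blob = B64_CALL.search(tail)
    if not blob or not EXEC_CALL.search(tail):
        return {"suspicious": False, "reason": ""}
    try:
        decoded = base64.b64decode(blob.group(1), validate=True)
    except Exception:
        return {"suspicious": True, "reason": "undecodable base64 near exec/eval"}
    # A decoded blob that itself contains code is a stronger signal than a plain string.
    code_like = any(k in decoded for k in (b"import ", b"exec(", b"locale"))
    reason = "trailing base64 blob executed" + (" (decodes to code)" if code_like else "")
    return {"suspicious": True, "reason": reason}


def scan_repo(files: dict) -> list:
    """files maps path -> source text; returns the flagged target-file paths, sorted."""
    flagged = [p for p, src in files.items()
               if p.rsplit("/", 1)[-1] in TARGET_FILES and scan_source(src)["suspicious"]]
    return sorted(flagged)


# Constructed repository: a clean setup.py and a main.py with an appended stand-in payload.
_FAKE_PAYLOAD = base64.b64encode(b"import locale\nprint('constructed stand-in payload')\n" * 2).decode()
SAMPLE_REPO = {
    "setup.py": "from setuptools import setup\nsetup(name='demo', version='0.1')\n",
    "main.py": "def run():\n    return 42\n\nimport base64\nexec(base64.b64decode('" + _FAKE_PAYLOAD + "'))\n",
}

if __name__ == "__main__":
    print(scan_repo(SAMPLE_REPO))  # -> ['main.py']
```

Run it over a checkout by reading each target file into the dict; a hit is a prompt to diff the file against a known-good tag and to rotate any GitHub token the affected machine held.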
How to Protect Yourself
To safeguard against the GlassWorm attack, developers should take immediate action. Here are some recommended steps:
- Review your GitHub repositories for any unauthorized changes or suspicious activity.
- Update your security practices by enabling two-factor authentication (2FA) on your GitHub account to prevent unauthorized access.
- Monitor your development environment for any signs of the GlassWorm malware, especially if you have installed any extensions recently.
- Educate your team about the risks of using unverified extensions and the importance of securing sensitive information like GitHub tokens.
By remaining vigilant and proactive, developers can help mitigate the risks posed by this evolving malware campaign and protect their projects from future attacks.
The Hacker News