Full Report
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs
Analysis Summary
# Tool/Technique: GlassWorm (ForceMemo Campaign)
## Overview
GlassWorm is a sophisticated supply chain malware campaign that has evolved to target the Python ecosystem. The "ForceMemo" variant specifically leverages stolen GitHub personal access tokens (PATs) to hijack legitimate repositories. By using Git "force-push" and "rebase" techniques, the attackers inject malicious code while preserving original commit metadata (author, date, and messages), making the tampering nearly invisible in the GitHub UI.
## Technical Details
- **Type:** Malware Family / Supply Chain Attack
- **Platform:** Windows, macOS, Linux (Python environments, VS Code, Cursor editor)
- **Capabilities:** Credential theft (GitHub tokens), cryptocurrency theft, data exfiltration, anti-analysis (locale checking), and persistent C2 communication via blockchain.
- **First Seen:** Component activities noted November 2025; GitHub injections began March 8, 2026.
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
  - [T1195.001 - Supply Chain Compromise: Compromise Software Dependencies]
  - [T1566 - Phishing] (via malicious VS Code/Cursor extensions)
- **[TA0006 - Credential Access]**
  - [T1552 - Unsecured Credentials] (stealing GitHub tokens from developer environments)
- **[TA0003 - Persistence]**
  - [T1133 - External Remote Services] (using stolen tokens to access GitHub)
- **[TA0005 - Defense Evasion]**
  - [T1564 - Hide Artifacts] (force-pushing to hide commit history/PR trails)
  - [T1614.001 - System Location Discovery: System Language Profile] (Russian locale check)
- **[TA0011 - Command and Control]**
  - [T1102.002 - Web Service: Bidirectional Communication] (using Solana blockchain memo fields for C2)
## Functionality
### Core Capabilities
- **Token Hoarding:** Steals GitHub authentication tokens from local developer environments.
- **Automated Repository Hijacking:** Iterates through every repository accessible by a compromised token and appends obfuscated code to critical files (`setup.py`, `main.py`, `app.py`).
- **Git History Manipulation:** Uses `git push --force` and rebasing to overwrite the default branch. This ensures no Pull Request is created, bypassing peer review.
- **Execution Guardrails:** Checks the system locale; if the locale is set to Russian, the malware terminates to avoid targeting users in specific CIS regions.
### Advanced Features
- **Blockchain DNS/C2:** Queries the Solana blockchain (the transaction memo field of a particular wallet) to retrieve the active C2 payload URL. This allows for dynamic C2 updates that are difficult to sinkhole.
- **Transitive Distribution:** Uses `extensionPack` and `extensionDependencies` in VS Code to pull in malicious components automatically when a user installs a seemingly benign extension.
## Indicators of Compromise
- **File Names:** `setup.py`, `main.py`, `app.py` (look for Base64 appended at EOF).
- **Network Indicators (Defanged):**
  - Solana Wallet (C2 Source): `BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC`
- **Behavioral Indicators:**
  - Unexpected `git push --force` actions on default branches.
  - Python processes initiating network connections to cryptocurrency blockchain explorers.
  - Presence of unrecognized VS Code or Cursor extensions.
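The file-name indicator above ("look for Base64 appended at EOF") is easy to turn into a repository-wide check. The following scanner is an added example written for this summary, not code from StepSecurity or from any project mentioned in the report. It inspects only the tail of each `.py` file, flags long base64-alphabet runs, checks whether they actually decode, and raises confidence when a decode/exec idiom sits next to them. The 80-character threshold, the 40-line tail window and the sample files are assumptions constructed for the example.

```python
"""Heuristic scanner for obfuscated payloads appended to Python source files."""
import base64
import binascii
import re
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# File names the report lists as the campaign's targets; used to prioritise
# findings, not to limit the scan, since any .py file can be modified the same way.
TARGET_NAMES = {"setup.py", "main.py", "app.py"}

# A run of >= 80 base64-alphabet characters is rare in hand-written source.
# The threshold is an assumption for this example; tune it for your code base.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
# Decode/execute idioms typically used to unpack an appended payload.
EXEC_IDIOM = re.compile(r"\b(?:exec|eval)\s*\(|b64decode|__import__\s*\(")
# Only the end of the file is inspected: the report says the code is appended.
TAIL_LINES = 40


def find_appended_payload(source: str, tail_lines: int = TAIL_LINES) -> Optional[Dict]:
    """Return a finding dict if the tail of `source` looks like an appended
    base64 payload, else None."""
    lines = source.splitlines()
    tail = "\n".join(lines[-tail_lines:])
    blobs = B64_RUN.findall(tail)
    if not blobs:
        return None
    decodable = 0
    for blob in blobs:
        try:
            base64.b64decode(blob, validate=True)  # strict alphabet + padding check
            decodable += 1
        except (binascii.Error, ValueError):
            pass
    has_exec = EXEC_IDIOM.search(tail) is not None
    # A lone long token (a hash, an embedded asset) without a decode/exec idiom
    # is still reported, but with low confidence, so reviewers can triage it.
    confidence = "high" if (decodable and has_exec) else "low"
    return {
        "blob_count": len(blobs),
        "longest_blob": max(len(b) for b in blobs),
        "decodable_blobs": decodable,
        "exec_idiom": has_exec,
        "confidence": confidence,
    }


def scan_tree(root: Path) -> List[Tuple[Path, Dict]]:
    """Scan every .py file under `root`; priority targets are marked."""
    findings = []
    for path in sorted(root.rglob("*.py")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        hit = find_appended_payload(text)
        if hit:
            hit["priority_target"] = path.name in TARGET_NAMES
            findings.append((path, hit))
    return findings


# Constructed samples (not real campaign artifacts).
CLEAN_SETUP_PY = """\
from setuptools import setup, find_packages

setup(
    name="example-dashboard",
    version="0.3.1",
    packages=find_packages(),
    install_requires=["streamlit>=1.30", "pandas"],
)
"""
# Stand-in payload: harmless text, base64-encoded only so the sample has the
# same shape (decode-then-exec of a long literal) that the scanner looks for.
_STAND_IN = base64.b64encode(
    b"print('constructed stand-in: this is not a real payload, only sample text')"
).decode()
INFECTED_SETUP_PY = CLEAN_SETUP_PY + f"\nexec(__import__('base64').b64decode('{_STAND_IN}'))\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean").mkdir()
        (root / "clean" / "setup.py").write_text(CLEAN_SETUP_PY)
        (root / "infected").mkdir()
        (root / "infected" / "setup.py").write_text(INFECTED_SETUP_PY)
        for path, hit in scan_tree(root):
            print(path.relative_to(root), hit)
```

Treat "low" findings as triage material rather than alerts: embedded icons, PGP blocks and long hashes produce the same base64 runs in legitimate files. "High" findings (a decodable blob next to `exec`/`b64decode`/`__import__` in the last lines of a file) warrant pulling the file's history, since the campaign rewrites it rather than adding a visible new commit.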
## Associated Threat Actors
- **GlassWorm Actor** (no specific nation-state attribution provided, but the code contains Russian-locale exclusion logic).
## Detection Methods
- **Signature-based:** Search for Base64-encoded strings appended to the end of Python source files.
- **Behavioral:**
  - Monitor for Git history rewrites on protected branches.
  - Detect Python scripts querying Solana API endpoints or blockchain explorers (e.g., `solscan[.]io`).
- **Audit:** Regularly review the GitHub audit log for `git.push` events made with the `--force` flag, especially those authenticated with Personal Access Tokens.
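Because the campaign preserves author, date and message, comparing that metadata will not reveal a rewrite; the reliable test is whether the branch head you recorded earlier is still an ancestor of the current head (the same question `git merge-base --is-ancestor` answers). The following is an added example, not code from the report or from any project it names: it parses `git rev-list --parents` output into a commit graph, classifies an update as fast-forward or history rewrite, and lists the commits a rewrite dropped. The short commit ids and the three history snapshots are constructed for the example; the `rev_list_parents` helper shows how the same graph is read from a real clone.

```python
"""Classify a branch update as fast-forward or history rewrite from git's
commit graph, and list the commits a rewrite dropped."""
import subprocess
from typing import Dict, List, Set

# Constructed sample output of `git rev-list --parents <ref>`: one line per
# commit, the commit id first and its parent ids after it. Short ids are used
# for readability; real output carries full 40-character SHAs.
HISTORY_BEFORE = """\
c3 c2
c2 c1
c1
"""
# Same branch after a rebase + force-push replaced c2 and c3 with d2 and d3
# (author, date and message may be identical; only the ids differ).
HISTORY_AFTER_REWRITE = """\
d3 d2
d2 c1
c1
"""
# Same branch after an ordinary commit on top of c3.
HISTORY_AFTER_FAST_FORWARD = """\
c4 c3
c3 c2
c2 c1
c1
"""


def parse_rev_list(output: str) -> Dict[str, List[str]]:
    """Parse `git rev-list --parents` output into {commit: [parents]}."""
    graph: Dict[str, List[str]] = {}
    for line in output.splitlines():
        ids = line.split()
        if ids:
            graph[ids[0]] = ids[1:]
    return graph


def rev_list_parents(repo_dir: str, ref: str) -> Dict[str, List[str]]:
    """Read the graph from a real repository (not used by the offline demo)."""
    out = subprocess.run(
        ["git", "-C", repo_dir, "rev-list", "--parents", ref],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_rev_list(out)


def reachable(graph: Dict[str, List[str]], head: str) -> Set[str]:
    """All commits reachable from `head` by following parent links."""
    seen: Set[str] = set()
    stack = [head]
    while stack:
        commit = stack.pop()
        if commit in seen:
            continue
        seen.add(commit)
        stack.extend(graph.get(commit, []))
    return seen


def classify_update(graph: Dict[str, List[str]], old_head: str, new_head: str) -> str:
    """'no-op', 'fast-forward' (old head is an ancestor of the new head) or
    'history-rewrite' (the old head is no longer reachable, as after a
    rebase + force-push)."""
    if old_head == new_head:
        return "no-op"
    if old_head in reachable(graph, new_head):
        return "fast-forward"
    return "history-rewrite"


def dropped_commits(graph: Dict[str, List[str]], old_head: str, new_head: str) -> Set[str]:
    """Commits that were on the branch before but are unreachable afterwards;
    these are the ones to diff against their replacements."""
    return reachable(graph, old_head) - reachable(graph, new_head)


if __name__ == "__main__":
    graph = parse_rev_list(HISTORY_BEFORE)
    graph.update(parse_rev_list(HISTORY_AFTER_REWRITE))
    print(classify_update(graph, "c3", "d3"), sorted(dropped_commits(graph, "c3", "d3")))
    graph_ff = parse_rev_list(HISTORY_AFTER_FAST_FORWARD)
    print(classify_update(graph_ff, "c3", "c4"), sorted(dropped_commits(graph_ff, "c3", "c4")))
```

The check only works if the monitoring job recorded the branch head (and ideally the rev-list) before the rewrite: once the remote has been force-pushed, the old commits may be gone from it, so keep the snapshot in a mirror clone or a separate store that the compromised token cannot reach.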
## Mitigation Strategies
- **Branch Protection:** Enable "Require a pull request before merging" and "Restrict pushes" (disable force-push) on all default/production branches in GitHub.
- **Token Security:** Use short-lived GitHub Fine-Grained Personal Access Tokens with minimal scopes instead of classic PATs.
- **Extension Vetting:** Strictly control or audit the installation of VS Code and Cursor extensions within development teams.
- **Environment Isolation:** Use containers or virtual machines for testing untrusted Python packages or ML research code.
## Related Tools/Techniques
- **ForceMemo:** The specific campaign/sub-tool targeting GitHub repos.
- **Living-off-the-Chain:** The technique of using blockchain memos for C2 infrastructure.
- **Dependency Confusion:** Related supply chain method (though GlassWorm focuses on direct repository injection).