👤 LOGICFALCON
🗓️ 17 Mar 2026  

Invisible Infiltration: How GlassWorm Quietly Poisoned Python Projects Across GitHub

A stealthy new malware campaign force-pushes hidden threats into open-source Python repositories, rewriting history - and the rules of supply chain attacks.

On a quiet morning in March 2026, hundreds of developers awoke to find their Python repositories on GitHub had been silently hijacked. Their code was intact, their commit histories untouched - or so it seemed. Unbeknownst to them, a sophisticated adversary had already rewritten the rules of software supply chain attacks, injecting a new breed of malware directly into the heart of open-source development. The culprit: a shadowy campaign known as GlassWorm, now armed with a chilling new tactic codenamed ForceMemo.

The Anatomy of a Silent Takeover

Unlike the usual barrage of phishing emails or noisy ransomware, the GlassWorm campaign operates in near-total silence. The attack begins with the infection of developers' systems through tainted Visual Studio Code and Cursor extensions. Once installed, the malware quietly harvests GitHub authentication tokens: credentials that, when scoped for repository write access, let whoever holds them push to the victim's repositories with no password prompt and no second factor.

Armed with these stolen credentials, GlassWorm's operators move to stage two: force-pushing their payload into the victim's repositories. But this isn't a simple overwrite. Instead, attackers rebase the latest legitimate code: they append a Base64-obfuscated snippet to key Python files (setup.py, main.py and app.py are named), recreate the commit with the original message, author and dates preserved, and force-push it. The result looks like the existing history with a few extra lines at the bottom of each touched file: nothing new appears in GitHub's commit list, and a reviewer comparing messages, authors and timestamps sees no evidence of tampering.

The snippet does more than hide itself. It checks the system locale and exits without running if it finds a Russian one. For everyone else it queries a Solana wallet and reads the memo field of the wallet's transactions as a dead-drop resolver: the memo carries the URL of the current payload. A new transaction is enough to move the payload, so the operators can change the malware's behavior as often as they like without touching the compromised repositories again, and through a channel that cannot be taken down the way a hosted domain can.

Subsequent payloads include encrypted JavaScript designed to steal cryptocurrency and sensitive user data. Investigators have traced the attack's infrastructure back to late 2025, with over 50 transactions linked to the same Solana address. The campaign's evolving tactics - such as hiding code behind invisible Unicode characters and exploiting dependency chains - suggest a threat actor with both technical acumen and a deep understanding of the open-source ecosystem's blind spots.
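The two hiding tricks described above, the Base64-wrapped exec appended to files like setup.py and code concealed behind invisible Unicode characters, are both visible to a static scan of the source text. The following is an added example written for this article, not a tool from the article, the researchers or GlassWorm itself. It parses a Python file with the standard ast module, flags exec() or eval() calls fed by a decoder such as base64.b64decode and recovers the literal they decode, and separately sweeps the raw text for zero-width characters, format controls and Unicode variation selectors (that pass runs before parsing, because such characters can make the file unparseable). The sample setup.py and the hidden-character sample are constructed for the example; the decoded snippet only prints a string.

```python
import ast
import base64
import binascii
import unicodedata
from typing import Dict, List, Optional

# Code points that render as nothing yet survive copy/paste and code review:
# zero-width chars, word joiner, BOM, Hangul fillers.  VS_RANGES are the
# Unicode variation selectors, another favourite for hiding bytes in source.
INVISIBLE = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x115F, 0x1160, 0x3164, 0xFFA0}
VS_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))
DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode",
            "unhexlify", "fromhex"}


def invisible_chars(source: str) -> List[Dict]:
    """Flag invisible/format code points in the raw text.  This runs on the text,
    not the AST, so it still works when the hidden characters make the file
    unparseable.  A leading BOM is tolerated because editors write one legitimately."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for col, ch in enumerate(line):
            cp = ord(ch)
            if lineno == 1 and col == 0 and cp == 0xFEFF:
                continue
            if (cp in INVISIBLE
                    or any(lo <= cp <= hi for lo, hi in VS_RANGES)
                    or unicodedata.category(ch) == "Cf"):
                hits.append({"line": lineno, "col": col, "codepoint": f"U+{cp:04X}"})
    return hits


def _call_name(func: ast.AST) -> Optional[str]:
    """Name of a call target, for bare names (exec) and attributes (base64.b64decode)."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _try_base64(literal) -> Optional[str]:
    raw = literal if isinstance(literal, bytes) else literal.encode()
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def decoded_exec_calls(source: str) -> List[Dict]:
    """Find exec()/eval() whose argument comes from a decoder call, and recover the
    embedded code by base64-decoding the longest literal that feeds the decoder."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _call_name(node.func) in ("exec", "eval")):
            continue
        decoders = [n for n in ast.walk(node)
                    if isinstance(n, ast.Call) and _call_name(n.func) in DECODERS]
        if not decoders:
            continue
        literals = [n.value for d in decoders for n in ast.walk(d)
                    if isinstance(n, ast.Constant) and isinstance(n.value, (str, bytes))]
        decoded = None
        for lit in sorted(literals, key=len, reverse=True):
            decoded = _try_base64(lit)
            if decoded is not None:
                break
        hits.append({"line": node.lineno, "decoder": _call_name(decoders[0].func),
                     "decoded": decoded})
    return hits


def scan_source(name: str, source: str) -> Dict:
    """Combine both checks for one file; a SyntaxError is itself worth reporting."""
    report = {"file": name, "invisible": invisible_chars(source),
              "decoded_exec": [], "syntax_error": None}
    try:
        report["decoded_exec"] = decoded_exec_calls(source)
    except SyntaxError as exc:
        report["syntax_error"] = str(exc)
    return report


# Constructed samples for this example (harmless: the decoded payload only prints).
SAMPLE_SETUP_PY = (
    "from setuptools import setup\n"
    "\n"
    'setup(name="demo", version="1.0")\n'
    "import base64\n"
    'exec(base64.b64decode("cHJpbnQoJ3NpbXVsYXRlZCcp"))\n'
)
SAMPLE_HIDDEN = 'MARK = "a\u200b\ufe0fb"\n'

if __name__ == "__main__":
    for name, text in (("setup.py", SAMPLE_SETUP_PY), ("hidden.py", SAMPLE_HIDDEN)):
        print(scan_source(name, text))
```

Run it over every tracked Python file after a fetch, or wire it into CI. It does not follow import aliases (from base64 import b64decode as d) or nested decode layers, so treat a hit as a prompt to read the file rather than as the whole verdict, and treat a SyntaxError in a file that used to parse as a hit too.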

Security experts warn that the use of force-pushes that rewrite repository history while preserving commit metadata, leaving nothing unusual in GitHub's commit view, sets this campaign apart from previously documented supply chain attacks. The rewrite is not trace-free, though: a commit hash covers the file contents, so every rewritten commit gets a new hash, git fetch reports the affected branch as a forced update, and GitHub records force-pushes in the repository's activity view. Pinned commit hashes and push-event monitoring therefore still catch it; what fails is review by eye. With GlassWorm, the future of open-source trust has never looked more uncertain.
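Why a pinned hash still catches a commit whose message, author and dates were preserved: a git commit hash is computed over the tree hash, which is computed over the blob hashes, so touching one byte of setup.py changes all three even when the metadata lines are byte-for-byte identical. The following is an added example, not code from the article or from any git tooling. It recomputes git's object hashes in pure Python for a one-file repository with hypothetical metadata (the author, parent hash and message are made up) and shows that the tampered commit no longer matches the recorded tip.

```python
import hashlib
from typing import Dict, Optional, Tuple


def git_object_sha(kind: str, body: bytes) -> str:
    """SHA-1 of a loose git object: header "<type> <size>\\0" followed by the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()


def blob_sha(content: bytes) -> str:
    return git_object_sha("blob", content)


def tree_sha(entries: Dict[str, Tuple[str, str]]) -> str:
    """Hash of a single-directory tree.  entries: {name: (mode, blob_sha)}.
    git stores each entry as "<mode> <name>\\0" plus the 20 raw SHA bytes, sorted by name."""
    body = b"".join(f"{mode} {name}\0".encode() + bytes.fromhex(sha)
                    for name, (mode, sha) in sorted(entries.items()))
    return git_object_sha("tree", body)


def commit_sha(tree: str, parent: Optional[str], author: str, committer: str,
               message: str) -> str:
    """Hash of a commit object.  Note the hash covers the tree, so any file change
    propagates here even if author, committer and message are left untouched."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {author}", f"committer {committer}", "", message]
    return git_object_sha("commit", ("\n".join(lines) + "\n").encode())


# Hypothetical commit metadata, kept identical for both versions of the commit
# (this is exactly what the attacker preserves).
AUTHOR = "Dev Eloper <dev@example.com> 1773000000 +0000"
COMMITTER = AUTHOR
PARENT = "0123456789abcdef0123456789abcdef01234567"  # made-up parent SHA
MESSAGE = "Release 1.0"

ORIGINAL_SETUP_PY = b'from setuptools import setup\n\nsetup(name="demo", version="1.0")\n'
# Constructed stand-in for the appended obfuscated snippet (decodes to print('simulated')).
APPENDED_SNIPPET = b'import base64\nexec(base64.b64decode("cHJpbnQoJ3NpbXVsYXRlZCcp"))\n'


def commit_for(setup_py: bytes) -> Dict[str, str]:
    """Build blob -> tree -> commit for a repository containing only setup.py."""
    blob = blob_sha(setup_py)
    tree = tree_sha({"setup.py": ("100644", blob)})
    return {"blob": blob, "tree": tree,
            "commit": commit_sha(tree, PARENT, AUTHOR, COMMITTER, MESSAGE)}


def pinned_tip_check(pinned_commit: str, fetched_commit: str) -> str:
    """What a CI job or a post-fetch hook should do: compare the tip recorded
    earlier with the tip seen now.  A changed hash under unchanged metadata
    means the commit was rewritten, not extended."""
    return "ok" if pinned_commit == fetched_commit else "REWRITTEN"


def demo() -> Dict[str, str]:
    legit = commit_for(ORIGINAL_SETUP_PY)
    tampered = commit_for(ORIGINAL_SETUP_PY + APPENDED_SNIPPET)
    return {"legit": legit["commit"], "tampered": tampered["commit"],
            "verdict": pinned_tip_check(legit["commit"], tampered["commit"])}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:9} {value}")
```

In practice the recorded tip comes from your last fetch or a lock file, and the same conclusion can be reached without reimplementing the hashing: git merge-base --is-ancestor OLD_TIP NEW_TIP exits non-zero when the old tip is no longer in the branch's history, and git fetch prints (forced update) next to a ref that moved that way.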

Conclusion

The GlassWorm campaign is a stark reminder that even the most trusted corners of the software world are vulnerable to invisible manipulation. As attackers grow more sophisticated, developers and organizations must rethink how they secure their code, their credentials, and their communities: tokens that are short-lived and scoped to what a job actually needs, branch protection that rejects force-pushes to release branches, and dependency pins that name a commit hash rather than a branch. In the era of invisible infiltration, vigilance has to take the form of checks that do not depend on what a human sees in the GitHub interface.

WIKICROOK

  • Force-push: A force-push (git push --force) replaces the remote branch's history with whatever the pusher has locally, discarding or rewriting commits that were already published; it is the only way to publish rewritten history, and branch protection rules can block it.
  • Obfuscated code: Obfuscated code is deliberately scrambled programming code designed to be hard to read, often used by hackers to hide malware from security tools.
  • GitHub token: A GitHub Token is a secure digital key that authorizes users or programs to access private code and data on GitHub without needing a password.
  • Locale: Locale refers to language and regional settings on a system, impacting software behavior, data formats, and sometimes security or compliance requirements.
  • Rebasing: Rebasing in Git rewrites commit history, replaying commits onto a new base to keep the history linear and manageable; every replayed commit gets a new hash, which is why publishing a rebased branch requires a force-push.
Tags: GlassWorm, Python malware, supply chain attacks

LOGICFALCON, Log Intelligence Investigator