In a technical analysis, StepSecurity reported that a campaign codenamed ForceMemo used GlassWorm malware to steal GitHub tokens and force-push obfuscated code into hundreds of Python repositories beginning March 8, 2026.
KEY FACTS
- Incident: ForceMemo appended obfuscated malware to Python files in compromised repositories
- Timeline: Earliest repository injections began on March 8, 2026
- Technique: Stolen GitHub tokens used to rebase and force-push malicious commits while preserving original commit metadata
- Impact: Hundreds of Python projects and two React Native npm packages were briefly compromised
The attack begins with GlassWorm delivered by malicious Visual Studio Code and Cursor extensions that include a component to steal secrets from developer systems and harvest GitHub tokens.
With the stolen tokens, the attacker rebases the latest legitimate commits on a repository's default branch and force-pushes the changes. Obfuscated Base64 payloads are appended to files commonly named setup.py, main.py or app.py, so that running or installing the code triggers execution of the payload.
The appended payload contains checks to skip execution on systems with a Russian locale and extracts a payload URL from the transaction memo field of a Solana wallet. Additional payloads downloaded from the server include encrypted JavaScript designed to steal cryptocurrency and other data. Command-and-control activity linked to the wallet dates to November 27, 2025, with frequent payload URL updates.
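The injection pattern described above (a long Base64 blob appended to setup.py, main.py or app.py together with a decode-and-run construct) can be checked for with a simple file-tail heuristic. The script below is an added example written for this summary, not StepSecurity's detection logic; the thresholds and the benign sample inputs are constructed here.

```python
import base64
import re
from pathlib import Path

# File names the report says the campaign targeted.
TARGET_NAMES = {"setup.py", "main.py", "app.py"}

# Heuristics (assumed thresholds): a long valid Base64 string literal in the
# last lines of the file, plus an exec/eval/b64decode construct nearby.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{120,}={0,2})['"]""")
EXEC_HINT = re.compile(r"\b(exec|eval)\s*\(|b64decode|__import__\s*\(")


def is_valid_base64(s: str) -> bool:
    try:
        base64.b64decode(s, validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def scan_source(text: str, tail_lines: int = 20) -> dict:
    """Inspect only the tail of a file: the campaign appended its payload,
    so a legitimate file followed by a decode-and-run blob is the signal."""
    tail_text = "\n".join(text.splitlines()[-tail_lines:])
    blobs = [m.group(1) for m in B64_LITERAL.finditer(tail_text)
             if is_valid_base64(m.group(1))]
    exec_hint = bool(EXEC_HINT.search(tail_text))
    return {
        "suspicious": bool(blobs) and exec_hint,
        "blob_count": len(blobs),
        "longest_blob": max((len(b) for b in blobs), default=0),
        "exec_hint": exec_hint,
    }


def scan_repo(root: Path) -> list[tuple[Path, dict]]:
    """Walk a checkout and report target files whose tail looks injected."""
    findings = []
    for path in root.rglob("*.py"):
        if path.name in TARGET_NAMES:
            result = scan_source(path.read_text(encoding="utf-8", errors="replace"))
            if result["suspicious"]:
                findings.append((path, result))
    return findings


# Constructed samples: a clean setup.py and the same file with a benign
# appended blob shaped like the injection (it decodes to harmless text).
CLEAN = "from setuptools import setup\nsetup(name='demo', version='0.1')\n"
BENIGN_BLOB = base64.b64encode(b"constructed sample text, not malware " * 6).decode()
INJECTED = CLEAN + f"exec(__import__('base64').b64decode('{BENIGN_BLOB}'))\n"

if __name__ == "__main__":
    for label, src in (("clean", CLEAN), ("injected", INJECTED)):
        print(label, scan_source(src))
```

Run scan_repo(Path(".")) inside a checkout to list files worth a manual diff against a known-good revision.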
An update identified two React Native npm packages briefly compromised on March 16, 2026. The rogue versions contained a preinstall hook that fetched a payload URL from a different Solana wallet, executed decrypted code in memory, and wrote a persistence lock file at ~/init.json to limit re-execution within 48 hours.
WHY IT MATTERS
The campaign demonstrates a supply chain risk in which developer tooling and account takeovers can lead to widespread injection of malicious code. Users who run pip install against compromised repositories or install the affected packages may execute remote payloads and expose their systems and credentials.