Cybersecurity Alert: GlassWorm Targets Python Supply Chain

A sophisticated supply chain attack known as ForceMemo, linked to the evolving GlassWorm malware campaign, has compromised hundreds of Python repositories by exploiting stolen GitHub authentication tokens. Attackers first infect developer systems through malicious tools, then use stolen credentials to silently inject harmful code into trusted projects, including Django apps, machine learning models, and PyPI packages.

What makes this attack especially dangerous is its stealth—malicious code is force-pushed while preserving original commit details, leaving virtually no trace in repository history. The payload, often hidden in files like setup.py or main.py, uses Base64 encoding and even avoids execution on systems with Russian locale settings. It then connects to a Solana wallet to retrieve instructions, enabling further data theft and crypto-targeted attacks.

Security experts warn that this method signals a new level of sophistication in supply chain threats, with potential risks for developers worldwide. Immediate precautions such as auditing access tokens, enforcing branch protections, and verifying dependencies are essential to prevent widespread compromise.
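A static triage check for the Base64-encoded payloads in files such as setup.py or main.py described above, as an added example that is not from the original article or from any analysis of the campaign. The function names, the length threshold and the sample inputs are constructed for illustration; the scanner parses source with `ast` and never executes it.

```python
import ast
import base64
import binascii

EXEC_SINKS = {"exec", "eval", "compile"}
B64_DECODERS = {"b64decode", "urlsafe_b64decode", "standard_b64decode"}
MIN_BLOB_LEN = 40  # assumed triage threshold, tune per code base


def _call_name(call):
    """Return the called name for f(...) or mod.f(...), else None."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None


def _is_b64_blob(value):
    """True for long str/bytes literals that decode as strict Base64."""
    if isinstance(value, bytes):
        value = value.decode("ascii", errors="replace")
    if not isinstance(value, str) or len(value) < MIN_BLOB_LEN:
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def scan_source(source, filename="<constructed>"):
    """Return sorted (line, rule) findings; the source is parsed, never run."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call) and _call_name(node) in EXEC_SINKS:
            inner = {_call_name(n) for arg in node.args
                     for n in ast.walk(arg) if isinstance(n, ast.Call)}
            if inner & B64_DECODERS:
                findings.append((node.lineno, "decoded-base64-executed"))
        elif isinstance(node, ast.Constant) and _is_b64_blob(node.value):
            findings.append((node.lineno, "long-base64-literal"))
    return sorted(findings)


# Constructed samples: the blob decodes to a harmless print statement.
_BLOB = base64.b64encode(b"print('constructed placeholder, not a real payload')").decode()
SUSPICIOUS_SETUP = f'import base64\nexec(base64.b64decode("{_BLOB}"))\n'
INDIRECT_SETUP = f'import base64\nblob = "{_BLOB}"\ncode = base64.b64decode(blob)\nexec(code)\n'
BENIGN_SETUP = 'from setuptools import setup\nsetup(name="demo", version="1.0")\n'
```

The execution rule only fires when the decoder call is nested directly inside the sink, so the indirect sample is caught by the literal rule alone. Long hex digests also satisfy the literal rule, so treat findings as leads for manual review of the diff against a known-good release.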
