{"id":233441,"date":"2026-03-17T02:22:25","date_gmt":"2026-03-17T07:22:25","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/03\/glassworm-attack-uses-stolen-github-tokens-to-force-push-malware-into-python-repos"},"modified":"2026-03-17T02:22:25","modified_gmt":"2026-03-17T07:22:25","slug":"glassworm-attack-uses-stolen-github-tokens-to-force-push-malware-into-python-repos","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/03\/glassworm-attack-uses-stolen-github-tokens-to-force-push-malware-into-python-repos","title":{"rendered":"GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/glassworm-attack-uses-stolen-github-tokens-to-force-push-malware-into-python-repos.jpg\"><\/a><\/p>\n<p>The <a href=\"https:\/\/thehackernews.com\/2026\/03\/glassworm-supply-chain-attack-abuses-72.html\" rel=\"noopener\" target=\"_blank\">GlassWorm<\/a> malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories.<\/p>\n<p>\u201cThe attack targets Python projects \u2014 including Django apps, ML research code, Streamlit dashboards, and PyPI packages \u2014 by appending obfuscated code to files like setup.py, main.py, and app.py,\u201d StepSecurity <a href=\"https:\/\/www.stepsecurity.io\/blog\/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cAnyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware.\u201d<\/p>\n<p>According to the software supply chain security company, the earliest injections date back to March 8, 2026. The attackers, upon gaining access to the developer accounts, <a href=\"https:\/\/www.atlassian.com\/git\/tutorials\/merging-vs-rebasing\" rel=\"noopener\" target=\"_blank\">rebased<\/a> the latest legitimate commits on the default branch of the targeted repositories with malicious code and then force-pushed the changes, while keeping the original commit\u2019s message, author, and author date intact.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories. \u201cThe attack targets Python projects \u2014 including Django apps, ML research code, Streamlit dashboards, and PyPI packages \u2014 by appending obfuscated code to files like setup.py, main.py, and app.py,\u201d [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1497],"tags":[],"class_list":["post-233441","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-energy"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/233441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=233441"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/233441\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=233441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=233441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=233441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}