GlassWorm ForceMemo Uses Stolen GitHub Tokens to Inject Malware
Security researchers say a new offshoot of the GlassWorm campaign, dubbed ForceMemo, is using stolen GitHub tokens to inject obfuscated malware into hundreds of Python repositories. StepSecurity reported the campaign and said the earliest repository injections date back to March 8, 2026.
StepSecurity described a four-step attack flow. First, GlassWorm compromises developer systems via malicious VS Code and Cursor extensions and steals secrets such as GitHub tokens. Second, the attackers use those credentials to rebase and force-push malicious code into files named setup.py, main.py, or app.py across every repository owned by the breached account. Third, the appended Base64 payload contains checks that skip execution on Russian-locale systems and, in other variants, reads a transaction memo on a Solana wallet to extract a payload URL. StepSecurity pointed to a Solana address used to fetch payloads and said the address had activity dating back to November 27, 2025.
“Anyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware,” StepSecurity said. The firm also noted the attackers keep the original commit message, author, and author date when they rebase and force-push, effectively rewriting git history without leaving a visible pull request or commit trail in GitHub’s web interface.
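Two of the details above are directly checkable by a repository owner: an appended block that Base64-decodes text and hands it to exec, and a rebase that keeps the author date while git necessarily stamps a new committer date. The script below is an added example written for this article, not StepSecurity's tooling or anything from the GlassWorm reports. It assumes the payload takes the common `exec(base64.b64decode('...'))` shape (the exact obfuscation used in the campaign is not on the page), that git history is exported with `git log --format=%H%x09%at%x09%ct%x09%an`, and a seven-day author/committer gap as the triage threshold; the sample setup.py and git log lines are constructed.

```python
"""Defender-side checks for the force-push injection pattern.

scan_source()       flags Python source that decodes a Base64 literal and
                    passes it to exec/eval, and shows the decoded prefix.
rewritten_commits() flags commits whose committer timestamp is far later
                    than the author timestamp, the trace a rebase leaves
                    when author name/date are preserved.
Assumed payload shape and thresholds are this example's, not the report's.
"""
import base64
import re
from dataclasses import dataclass

# Assumption: payload is an exec/eval of a Base64 literal decoded inline,
# either via `base64.b64decode` or `__import__('base64').b64decode`.
PAYLOAD_RE = re.compile(
    r"(exec|eval)\s*\(\s*(?:__import__\(['\"]base64['\"]\)|base64)"
    r"\.b64decode\(\s*b?['\"]([A-Za-z0-9+/=]{40,})['\"]\s*\)"
)


@dataclass
class Finding:
    line: int      # 1-based line of the exec/eval call
    call: str      # "exec" or "eval"
    preview: str   # first 60 bytes of the decoded payload, for triage


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per decode-and-execute call found in `text`."""
    findings = []
    for m in PAYLOAD_RE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(2), validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue                # not valid Base64: ignore
        line = text.count("\n", 0, m.start()) + 1
        preview = decoded[:60].decode("utf-8", "replace")
        findings.append(Finding(line, m.group(1), preview))
    return findings


@dataclass
class Commit:
    sha: str
    author_ts: int     # %at: author date, preserved by rebase
    committer_ts: int  # %ct: committer date, rewritten by rebase
    author: str


def parse_git_log(output: str) -> list[Commit]:
    """Parse `git log --format=%H%x09%at%x09%ct%x09%an` output."""
    commits = []
    for raw in output.splitlines():
        if not raw.strip():
            continue
        sha, at, ct, an = raw.split("\t", 3)
        commits.append(Commit(sha, int(at), int(ct), an))
    return commits


def rewritten_commits(commits: list[Commit], max_gap_seconds: int = 7 * 86400) -> list[Commit]:
    """Commits whose committer date trails the author date by more than the gap.

    Legitimate rebases, cherry-picks and squash merges produce the same gap,
    so treat hits as review candidates, not as proof of compromise.
    """
    return [c for c in commits if c.committer_ts - c.author_ts > max_gap_seconds]


# --- constructed sample inputs -------------------------------------------
CLEAN_SETUP_PY = '''from setuptools import setup

setup(
    name="example-package",  # constructed sample project
    version="0.1.0",
    packages=["example"],
)
'''
# Harmless stand-in for an appended payload: it only prints a string.
_DEMO_PAYLOAD = base64.b64encode(b'print("constructed sample payload")').decode()
SAMPLE_SETUP_PY = CLEAN_SETUP_PY + f"\nexec(__import__('base64').b64decode('{_DEMO_PAYLOAD}'))\n"

# Constructed log: two untouched commits, one whose committer date is
# roughly a year after its author date (placeholder SHAs).
SAMPLE_GIT_LOG = "\n".join([
    "1111111111111111111111111111111111111111\t1741400000\t1741400000\tmaintainer",
    "2222222222222222222222222222222222222222\t1741300000\t1741300000\tmaintainer",
    "3333333333333333333333333333333333333333\t1741200000\t1772500000\tmaintainer",
])

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SETUP_PY):
        print(f"setup.py:{f.line} {f.call}(b64decode(...)) -> {f.preview!r}")
    for c in rewritten_commits(parse_git_log(SAMPLE_GIT_LOG)):
        print(f"rebased? {c.sha[:12]} by {c.author}: committer date "
              f"{(c.committer_ts - c.author_ts) // 86400} days after author date")
```

Run both checks against a fresh clone of the remote default branch rather than an existing working copy: a force-push replaces the remote history, so a stale local clone will not show the injected tail, and a fetch that reports a non-fast-forward update on the default branch is itself worth investigating.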
Socket highlighted that GlassWorm continues to evolve, retaining core tradecraft while improving evasion and survivability by abusing extensionPack and extensionDependencies to reach victims through transitive extension installs. Aikido Security linked the same actor to a separate mass campaign that hid malicious code with invisible Unicode characters and said the decoded payload fetched commands from the same Solana infrastructure, indicating multiple coordinated waves.
StepSecurity called this injection method notable: “The attacker injects malware by force-pushing to the default branch of compromised repositories,” the firm said. “No other documented supply chain campaign uses this injection method.”
Beyond repository hijacks, U.S. federal authorities flagged an unrelated but urgent issue. The Cybersecurity and Infrastructure Security Agency added a critical expression-injection vulnerability in the n8n workflow automation platform to its Known Exploited Vulnerabilities catalog. CISA said the flaw, tracked as CVE-2025-68613 with a 9.9 CVSS score, allows remote code execution via n8n’s workflow expression evaluation system.
According to n8n maintainers, an authenticated attacker could weaponize the flaw to run arbitrary code with the n8n process privileges, potentially compromising an instance and exposing sensitive data or workflows. Shadowserver Foundation data shows more than 24,700 internet-exposed n8n instances remained unpatched as of early February 2026, with over 12,300 in North America and about 7,800 in Europe, the researchers reported.
Pillar Security subsequently disclosed two critical issues in n8n, including CVE-2026-27577, which Pillar classified as an additional exploit in the same expression evaluation area. CISA’s KEV listing triggered a federal patching order: Federal Civilian Executive Branch agencies were directed to patch affected n8n instances by March 25, 2026, under an existing binding operational directive.
Together, the repository hijacks and n8n vulnerabilities underline a broader pattern: attackers are combining targeted developer account takeovers, malicious extension distribution, and critical application flaws to expand access and persistence. StepSecurity, Socket, Aikido Security, CISA, Shadowserver Foundation, Pillar Security, and n8n maintainers all urge organizations to audit exposed services, rotate compromised tokens, and apply vendor patches promptly.
#SupplyChain #GitHub #Malware #n8n #CyberAttack #Cybersecurity #cybersecuritywaala