GlassWorm Campaign Compromises Python Development Supply Chain
Security researchers at StepSecurity discovered an active malware campaign on March 16, 2026, in which attackers use stolen GitHub authentication tokens to inject malicious code into Python repositories. The GlassWorm malware specifically targets popular Python frameworks and machine learning projects.
The attackers append obfuscated malicious code to critical Python files including setup.py, main.py, and app.py. This supply chain attack method allows the malware to execute whenever developers or users run the compromised code.
Python Developers and ML Researchers at Risk
The campaign primarily affects Python developers working with Django web applications, machine learning research projects, Streamlit dashboard applications, and PyPI package maintainers. Hundreds of repositories have been compromised, putting both individual developers and organizations at risk.
Any developer who downloads, clones, or executes code from the affected repositories could unknowingly run the GlassWorm malware on their systems.
GitHub Token Theft Enables Repository Poisoning
The attackers gained unauthorized access to GitHub repositories by stealing authentication tokens, likely through credential theft or social engineering attacks. Once inside, they systematically modify Python files to include their malicious payload without alerting repository owners.
Developers should immediately audit their Python projects for unexpected code changes and review their GitHub token security. Organizations should monitor their repositories for unauthorized commits and implement CISA's security guidelines for supply chain protection.
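As an added illustration of the audit the article recommends (this is example code, not StepSecurity's tooling or anything from the affected projects), the script below walks a checkout, looks only at the setup.py, main.py and app.py files the campaign is reported to append to, and flags lines that look like an appended obfuscated payload. The indicators (overlong lines, decode-then-execute calls, invisible Unicode) are assumed generic obfuscation heuristics chosen for this example; the sample file contents are constructed.

```python
import re
from pathlib import Path

# Files the article names as the campaign's injection points.
TARGET_FILES = {"setup.py", "main.py", "app.py"}

# Assumed indicators of an appended, obfuscated payload (heuristics chosen
# for this example; the article does not describe the payload's exact form).
DECODE_AND_RUN = re.compile(
    r"\b(exec|eval)\s*\(.*(b64decode|decompress|marshal\.loads|__import__)"
)
INVISIBLE = re.compile(r"[\u200b-\u200f\u2060\ufeff]")
MAX_LINE_LEN = 300


def scan_source(text, name="<constructed>"):
    """Return (name, line_no, reasons) for each suspicious line in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        reasons = []
        if len(line) > MAX_LINE_LEN:
            reasons.append("overlong line (packed blob?)")
        if DECODE_AND_RUN.search(line):
            reasons.append("decode-then-execute pattern")
        if INVISIBLE.search(line):
            reasons.append("invisible Unicode characters")
        if reasons:
            findings.append((name, line_no, reasons))
    return findings


def scan_repo(root):
    """Walk a checkout and scan only the file names the campaign targets."""
    findings = []
    for path in Path(root).rglob("*.py"):
        if path.name in TARGET_FILES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_source(text, str(path)))
    return findings


# Constructed sample: a normal setup.py, then the same file with a synthetic
# decode-and-exec line appended, mimicking the append-to-file technique.
CLEAN_SETUP = "from setuptools import setup\n\nsetup(name='demo', version='1.0')\n"
APPENDED = CLEAN_SETUP + "exec(__import__('base64').b64decode('" + "QUFB" * 120 + "'))\n"

if __name__ == "__main__":
    for name, line_no, reasons in scan_source(APPENDED, "setup.py"):
        print(f"{name}:{line_no}: {', '.join(reasons)}")
```

A hit from this scanner is a prompt to diff the file against its last trusted commit, not proof of compromise on its own.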