GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

Photo: The Hacker News
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs