Critical ForceMemo Flaw Hijacks GitHub Accounts, Backdoors Python Repos
Key Takeaways
- A new malware campaign, dubbed “ForceMemo,” is actively compromising hundreds of GitHub accounts and injecting malicious code into Python repositories.
- The attack leverages stolen GitHub tokens, primarily obtained via the “GlassWorm” infostealer, to perform “force-pushes” that subtly rewrite repository history.
- ForceMemo targets a wide array of Python projects, including Django, Flask, Streamlit, and machine learning code, with infections dating back to March 8, 2026, and continuing.
- The malware employs sophisticated obfuscation, a Russian locale check, and uses Solana blockchain transaction memos for resilient command-and-control.
- Developers and repository maintainers are urged to check for specific indicators of compromise and verify commit integrity.
A sophisticated malware operation, dubbed “ForceMemo,” is silently infiltrating hundreds of GitHub accounts and embedding malicious code into Python projects. The campaign, which was first detected on March 8, 2026, continues to expand, affecting new repositories daily with a stealthy technique that leaves minimal traces.
The attackers are targeting a diverse range of Python applications, including web frameworks like Django and Flask, machine learning research code, Streamlit dashboards, and widely distributed pip-installable packages. Maliciously obfuscated code is appended to critical Python files such as setup.py, main.py, and app.py. Any developer who installs a package from an affected repository or executes compromised code inadvertently triggers the malware on their local machine.
StepSecurity researchers were instrumental in discovering and publicly disclosing this campaign. They named it “ForceMemo” to reflect its two defining characteristics: the use of Git’s “force-push” command to silently overwrite repository history, and the utilization of Solana blockchain transaction memos for command-and-control communications.
The initial compromise leading to GitHub account takeovers has been linked to “GlassWorm,” a separate information stealer. GlassWorm propagates through malicious VS Code and Cursor extensions and features a dedicated module designed to extract GitHub tokens from various sources, including VS Code extension storage, git credential managers, and the GITHUB_TOKEN environment variable. Once these credentials are stolen, attackers gain complete control over a developer’s repositories. Instances like the compromise of BierOne, wecode-bootcamp-korea, and HydroRoll-Team, where six repositories each were affected, highlight the extensive damage a single stolen credential can inflict.
Hundreds of Python repositories across numerous GitHub accounts have been confirmed to host identical malware, with the number steadily increasing. This broad impact on developers working on critical infrastructure like Django applications, ML research, and open-source API packages positions ForceMemo as one of the most significant supply chain attacks targeting the Python ecosystem in recent memory.
Stealth Injection Through Force-Push
Instead of relying on visible methods like pull requests or new commits, the attackers employ a far more surreptitious approach. They take the most recent legitimate commit on a repository’s default branch, insert their obfuscated malware into a key Python file, and then use a force-push to overwrite the repository’s history with the modified commit. The original commit message, author name, and author date are meticulously preserved, creating the illusion that no changes have occurred.
The primary indicator of tampering is a discrepancy between the original author date and the actual committer date, with observed gaps ranging from nine months to nine years. Additionally, the committer email is consistently set to “null,” which appears to be a unique fingerprint of the attacker’s tooling.
For example, a clean commit on amirasaran – django-restful-admin was replaced by a force-push on March 10, 2026, at 21:58 UTC. This event, visible through the GitHub Events API, demonstrates the precise timing of these stealthy injections.
The injected payload employs a three-layer obfuscation scheme: base64 decoding, zlib decompression, and XOR decryption using a key of 134. Crucially, before any malicious activity commences, the malware checks for Russian locale or timezone settings on the infected system. If detected, execution is halted, a common tactic observed among Eastern European cybercriminal groups.
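As an added example (not code from the StepSecurity analysis or from this article), the following Python peels the three layers in the order the paragraph lists them, base64 decoding, then zlib decompression, then single-byte XOR with key 134, so an analyst can recover what an appended stub actually executes. The sample blob is constructed here from harmless text; the layer order and key are the only details taken from the description above.

```python
import base64
import zlib

XOR_KEY = 134  # single-byte key reported for the ForceMemo payload

def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """Apply the single-byte XOR layer; XOR is its own inverse."""
    return bytes(b ^ key for b in data)

def unwrap_payload(blob: str) -> str:
    """Peel the layers in the order the analysis lists them: base64, then zlib, then XOR."""
    compressed = base64.b64decode(blob)
    xored = zlib.decompress(compressed)
    return xor_bytes(xored).decode("utf-8")

def wrap_for_sample(source: str, key: int = XOR_KEY) -> str:
    """Inverse of unwrap_payload; used here only to build the constructed sample."""
    return base64.b64encode(zlib.compress(xor_bytes(source.encode(), key))).decode("ascii")

# Constructed, harmless stand-in for an injected stub (not the real payload).
SAMPLE_SOURCE = 'print("constructed sample - nothing malicious here")\n'
SAMPLE_BLOB = wrap_for_sample(SAMPLE_SOURCE)

def looks_like_three_layer_blob(candidate: str) -> bool:
    """Triage helper: True if the candidate unwraps to readable text under all three layers."""
    try:
        text = unwrap_payload(candidate)
    except (ValueError, zlib.error, UnicodeDecodeError):
        return False
    return bool(text) and all(c.isprintable() or c.isspace() for c in text)

if __name__ == "__main__":
    print(unwrap_payload(SAMPLE_BLOB), end="")
```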
When the malware successfully runs, it establishes communication with a Solana blockchain wallet to retrieve further instructions. This choice of command-and-control infrastructure is particularly resilient, as blockchain data is immutable and censorship-resistant. Attackers can post updated payload URLs via on-chain memos, rendering the C2 infrastructure effectively immune to takedowns. The malware also incorporates nine separate Solana RPC endpoints as fallbacks to ensure persistent connectivity.
What You Should Do
- Developers: Search your cloned Python files for the variable lzcdrtfxyqiplpd. Check your home directory for an unexpected ~/init.json file and look for a node-v22.9.0 folder, which indicates the malware’s payload runner has been deployed.
- Repository Maintainers: Verify that your default branch accurately matches the last known legitimate commit. Pay close attention to any inconsistencies between the author date and committer date in recent commit logs, as this is a key indicator of a force-push attack.
- Security Best Practices: Regularly audit GitHub tokens, ensure strong authentication for all GitHub accounts, and educate developers on the risks associated with installing untrusted VS Code/Cursor extensions.
- Supply Chain Vigilance: Exercise extreme caution when installing packages directly from GitHub repositories or cloning and running code from unverified sources. Prefer official package managers and trusted registries.
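The developer and maintainer checks above, as an added Python triage script that is not part of the article or of StepSecurity's tooling. It reads git log output for the author/committer date gap and the literal “null” committer email, and scans file contents and the home directory for the indicators named above; the one-day gap threshold is an assumed triage cut-off (observed gaps were months to years), and the sample log is constructed.

```python
import subprocess
from pathlib import Path

INJECTED_VARIABLE = "lzcdrtfxyqiplpd"          # variable name reported in the write-up
HOME_INDICATORS = ("init.json", "node-v22.9.0")  # files/folders reported in the write-up
MAX_GAP_SECONDS = 24 * 3600  # assumed triage threshold; real gaps were 9 months to 9 years
# Tab-separated: hash, author, author timestamp, committer timestamp, committer email.
LOG_FORMAT = "%H%x09%an%x09%at%x09%ct%x09%ce"

def triage_log(log_text: str, max_gap: int = MAX_GAP_SECONDS) -> list:
    """Return (sha, [reasons]) for commits whose committer date lags the author date
    by more than max_gap, or whose committer email is the literal 'null'."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sha, _author, author_ts, commit_ts, committer_email = line.split("\t")
        reasons = []
        gap = int(commit_ts) - int(author_ts)
        if gap > max_gap:
            reasons.append(f"committer date {gap // 86400} days after author date")
        if committer_email.strip().lower() == "null":
            reasons.append("committer email is 'null'")
        if reasons:
            findings.append((sha, reasons))
    return findings

def triage_repo(repo: str, max_commits: int = 20) -> list:
    """Run the same checks over the most recent commits of a local clone."""
    proc = subprocess.run(
        ["git", "-C", repo, "log", f"-n{max_commits}", f"--format={LOG_FORMAT}"],
        check=True, capture_output=True, text=True)
    return triage_log(proc.stdout)

def source_has_indicator(text: str) -> bool:
    """True if a Python file's contents carry the injected variable name."""
    return INJECTED_VARIABLE in text

def home_indicators_present(home=None) -> list:
    """Names from HOME_INDICATORS that exist in the (current) home directory."""
    home = home or Path.home()
    return [name for name in HOME_INDICATORS if (home / name).exists()]

# Constructed sample log: one clean commit, one with a nine-month gap and a 'null' committer.
SAMPLE_LOG = (
    "aaaa1111\tAlice Dev\t1700000000\t1700000000\talice@example.com\n"
    "bbbb2222\tAlice Dev\t1680000000\t1703600000\tnull\n"
)
```

Run `triage_repo(".")` inside a clone to check its recent commits, and pass each Python file's text to `source_has_indicator`.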
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.