GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
Summary
The GlassWorm malware campaign is actively injecting malicious code into hundreds of Python repositories by exploiting stolen GitHub tokens. Attackers are targeting various Python projects, including those for Django apps, ML research, Streamlit dashboards, and PyPI packages, by appending obfuscated code to critical files like setup.py, main.py, and app.py.
IFF Assessment
This attack is detrimental to defenders as it compromises the integrity of widely used software supply chains, potentially infecting numerous downstream users with malware.
Defender Context
Defenders need to be vigilant about the security of their code repositories and CI/CD pipelines, and in particular about the access tokens that grant push rights to them on hosting services such as GitHub. This incident highlights the importance of robust authentication mechanisms, credential management, and code integrity checks (for example, reviewing unexpected force-pushes and scanning key files for appended code) to prevent supply chain attacks.
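As an added example (not part of this advisory, and not GlassWorm-specific tooling), a Python heuristic for the integrity check mentioned above: it inspects the tail of setup.py, main.py and app.py for an appended payload, flagging long high-entropy string literals and exec/eval calls fed decoded data. The thresholds, the regex patterns and the two sample files are assumptions, since the page does not describe how the injected code is encoded.

```python
import base64
import math
import re

# Files the report names as targets for appended payloads.
WATCHED_FILES = {"setup.py", "main.py", "app.py"}
# Heuristic thresholds (assumptions, not from the report): base64 or compressed
# data sits above ~4.5 bits/char, hex tops out at 4.0, English prose near 4.2.
MIN_BLOB_LEN = 120
ENTROPY_THRESHOLD = 4.5
DANGEROUS_CALL = re.compile(r"\b(exec|eval|compile)\s*\(")
DECODE_HINT = re.compile(r"b64|decode|zlib|unhexlify|fromhex")
# A single-line quoted literal of at least MIN_BLOB_LEN chars (same quote char).
LONG_LITERAL = re.compile(r"(['\"])((?:(?!\1).){%d,})\1" % MIN_BLOB_LEN)

def shannon_entropy(text: str) -> float:
    """Bits per character of a string; random base64 approaches 6.0."""
    if not text:
        return 0.0
    n = len(text)
    freq = {c: text.count(c) for c in set(text)}
    return -sum(k / n * math.log2(k / n) for k in freq.values())

def suspicious_lines(source: str, tail_lines: int = 40):
    """Return (line_number, reason) for lines near the end of a file that look
    like an appended payload. Findings are for human review, not auto-blocking:
    a legitimately embedded base64 asset will trip the entropy rule too."""
    lines = source.splitlines()
    findings = []
    for idx in range(max(0, len(lines) - tail_lines), len(lines)):
        line, reasons = lines[idx], []
        for m in LONG_LITERAL.finditer(line):
            ent = shannon_entropy(m.group(2))
            if ent >= ENTROPY_THRESHOLD:
                reasons.append(f"high-entropy literal ({len(m.group(2))} chars, {ent:.2f} bits/char)")
        if DANGEROUS_CALL.search(line) and (DECODE_HINT.search(line) or reasons):
            reasons.append("exec/eval of decoded data")
        if reasons:
            findings.append((idx + 1, "; ".join(reasons)))
    return findings

# Constructed samples: a benign setup.py and the same file with one appended
# loader line. The blob is just base64 of bytes 0..255, not any real payload.
CLEAN_SETUP_PY = 'from setuptools import setup\n\nsetup(name="demo", version="1.0.0", packages=["demo"])\n'
FAKE_BLOB = base64.b64encode(bytes(range(256))).decode()
INFECTED_SETUP_PY = CLEAN_SETUP_PY + f'exec(__import__("base64").b64decode("{FAKE_BLOB}"))\n'

if __name__ == "__main__":
    for name, src in (("clean", CLEAN_SETUP_PY), ("infected", INFECTED_SETUP_PY)):
        print(name, suspicious_lines(src))
```

Run it over every watched file in a checkout (or in a pre-merge CI step) and treat any hit on a file that has no business carrying encoded data as a signal to inspect the commit and the token that pushed it.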