A new malware campaign tracked as ForceMemo is quietly compromising hundreds of GitHub accounts and injecting hidden malicious code into Python repositories, leaving almost no visible trace.
The earliest confirmed infections date back to March 8, 2026, and the campaign is still active, with new repositories being hit each day.
The attack targets a broad range of Python projects, including Django web applications, machine learning research code, Streamlit dashboards, Flask APIs, and pip-installable packages.
The threat actor appends obfuscated malicious code to widely used Python files such as setup.py, main.py, and app.py.
Any developer who installs a package directly from a compromised repository or clones and runs the affected code inadvertently triggers the malware on their machine.
StepSecurity researchers were the first to identify and publicly report the campaign, naming it ForceMemo after its two most defining technical traits: the use of Git’s force-push command to silently overwrite repository history, and the use of Solana blockchain transaction memos as a command-and-control channel.
The root of the account takeovers has been traced to GlassWorm, a separate infostealer that spreads through malicious VS Code and Cursor extensions.
GlassWorm’s third-stage payload contains a dedicated module that harvests GitHub tokens from VS Code extension storage, git credential managers, and the GITHUB_TOKEN environment variable.
Once stolen, these credentials give the attacker full control to rewrite a developer’s repositories.
Accounts like BierOne, wecode-bootcamp-korea, and HydroRoll-Team each had six repositories compromised, showing how a single stolen credential can expose an entire developer account.
Hundreds of Python repositories across hundreds of GitHub accounts have been confirmed infected with identical malware, and the count keeps growing.
Developers working on Django apps, ML research code, and open-source API packages have all been caught in the crossfire, making ForceMemo one of the most widespread supply chain attacks targeting the Python ecosystem in recent months.
Stealth Injection Through Force-Push
Rather than opening a pull request or creating a new visible commit, the attacker uses a far quieter method.
Rebased Commit on amirasaran – django-restful-admin (Source – StepSecurity)
The attacker takes the most recent legitimate commit on the default branch, appends obfuscated malware to a key Python file, and force-pushes the modified commit back to the repository.
The original commit message, author name, and author date are all preserved, making it appear as though nothing ever changed.
The only sign of tampering is a mismatch between the original author date and the actual committer date, with gaps ranging from nine months to nine years in affected repositories.
The committer email is also consistently set to the string “null”, which appears to be a fingerprint of the attacker’s tooling.
GitHub Events API for amirasaran – django-restful-admin (Source – StepSecurity)
Here’s the exact moment where the force-push replaced a clean commit on March 10, 2026, at 21:58 UTC.
The injected payload uses three layers of obfuscation: base64 decoding, zlib decompression, and XOR decryption with a key of 134.
Before doing anything else, the malware checks whether the infected system uses a Russian locale or timezone and, if so, stops execution entirely — a well-known operational practice among Eastern European cybercriminal groups.
When the malware does run, it contacts a Solana blockchain wallet to retrieve its next instructions.
Since blockchain data cannot be deleted or censored, the attacker can post updated payload URLs at any time through on-chain memos, making the infrastructure effectively immune to takedowns.
The malware also queries nine separate Solana RPC endpoints as fallbacks.
Developers are advised to search cloned Python files for the marker variable lzcdrtfxyqiplpd, check for ~/init.json in their home directory, and look for an unexpected node-v22.9.0 folder indicating the malware has already deployed its payload runner.
Repository maintainers should confirm their default branch matches the last known legitimate commit, paying close attention to any mismatch between the author date and committer date in recent logs.
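The following script turns the tampering signs described above (an author date far earlier than the committer date, a committer email of the literal string “null”, and the marker variable in Python files) into a repeatable check. It is an added example, not tooling from StepSecurity or the article; the 30-day gap threshold and the sample log records are constructed assumptions.

```python
import subprocess
from datetime import datetime

MARKER = "lzcdrtfxyqiplpd"   # marker variable name reported in the compromised files
GAP_DAYS = 30                # assumption: a month-plus author->committer gap is worth a look
# git log fields: sha, author email, author date (strict ISO), committer email, committer date, subject
LOG_FORMAT = "%H%x1f%ae%x1f%aI%x1f%ce%x1f%cI%x1f%s"

def parse_git_log(text):
    """Parse records produced with LOG_FORMAT (fields separated by the 0x1f byte)."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, ae, ad, ce, cd, subject = line.split("\x1f", 5)
        commits.append({"sha": sha, "author_email": ae, "committer_email": ce, "subject": subject,
                        "author_date": datetime.fromisoformat(ad),
                        "committer_date": datetime.fromisoformat(cd)})
    return commits

def suspicious_commits(commits, gap_days=GAP_DAYS):
    """Return [(sha, [reasons])] for commits that show the rewrite fingerprints."""
    findings = []
    for c in commits:
        reasons = []
        gap = (c["committer_date"] - c["author_date"]).days
        if gap >= gap_days:
            reasons.append(f"committer date is {gap} days after author date")
        if c["committer_email"].strip().lower() == "null":
            reasons.append("committer email is the literal string 'null'")
        if reasons:
            findings.append((c["sha"], reasons))
    return findings

def file_has_marker(source: str) -> bool:  # True if a Python file's text carries the marker
    return MARKER in source

def scan_repo(repo_path, n=50):  # run git log on a real checkout and flag suspicious commits
    out = subprocess.run(
        ["git", "-C", repo_path, "log", f"-n{n}", f"--format={LOG_FORMAT}"],
        capture_output=True, text=True, check=True).stdout
    return suspicious_commits(parse_git_log(out))

# Constructed sample: one clean commit, one rewritten the way the report describes
# (original author date kept, committer date March 10, 2026 21:58 UTC, committer email "null").
SAMPLE_LOG = (
    "1111111\x1fdev@example.com\x1f2026-03-01T09:00:00+00:00"
    "\x1fdev@example.com\x1f2026-03-01T09:00:00+00:00\x1fAdd pagination\n"
    "2222222\x1fdev@example.com\x1f2017-06-01T10:00:00+02:00"
    "\x1fnull\x1f2026-03-10T21:58:00+00:00\x1fAdd pagination\n"
)
```

Run `scan_repo(".")` inside a clone to check its recent history; any hit should be compared against the last commit you know to be legitimate before trusting the checkout.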
The post ForceMemo Hijacks GitHub Accounts, Backdoors Hundreds of Python Repos via Force-Push appeared first on Cyber Security News.