Open Source · 2026-03-08 · 6 days · Credential Theft, Wallet Key Theft

ForceMemo force-pushed Python malware

ForceMemo was a GitHub account-takeover campaign that force-pushed similar malware into hundreds of Python repositories across Django apps, ML research, Streamlit dashboards, Flask APIs, and projects installed directly from GitHub.

Story

Beginning on March 8, 2026, an attacker quietly force-pushed obfuscated Python malware into the default branches of more than 240 GitHub repositories belonging to dozens of unrelated developers, mostly Django apps, machine-learning research code, Streamlit dashboards, and small Flask APIs that downstream users tended to install straight from a git URL. StepSecurity, which first reported the campaign on March 14, named it ForceMemo after its delivery mechanism (force-pushed commits) and its command channel (Solana transaction memos).

The injection was designed to defeat a casual git log review. The attacker took the most recent legitimate commit on each repository, kept its message, author, and author date, then rebased it with a malicious tail appended to a likely entry point such as setup.py, main.py, or app.py, and force-pushed the result. Only the committer date and a glance at the bottom of the file would betray the rewrite.

The appended Python was wrapped in base64, zlib, and an XOR layer, all organized around a shared marker variable named lzcdrtfxyqiplpd (still a useful GitHub code search string). Once decoded, the loader queried transaction memos on a Solana wallet, BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC, for command instructions, downloaded Node.js v22.9.0 when it needed a runtime, fetched encrypted JavaScript stages, and dropped ~/init.json as a two-day persistence marker.
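The two detection signals described above, the committer date lagging a preserved author date and an obfuscated tail appended to an entry point, can be checked mechanically. The following is an added example written for this record, not StepSecurity's tooling or anything the affected projects shipped. It parses constructed sample output in the shape of `git log --format='%H%x09%aI%x09%cI%x09%s'` and scans a constructed `setup.py`; the only value taken from the record is the marker variable name.

```python
"""Triage helpers for ForceMemo-style history rewrites (added example).

Signal 1: a commit whose author date was kept but whose committer date is
much later, which is what a rebase-and-force-push leaves behind.
Signal 2: a decode-and-exec tail appended to a likely entry point, and the
marker variable StepSecurity reported for this campaign.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Marker variable name from the ForceMemo report (see the record above).
FORCEMEMO_MARKER = "lzcdrtfxyqiplpd"

# Constructed sample of `git log --format='%H%x09%aI%x09%cI%x09%s'` output.
# The first entry mimics a ForceMemo rewrite: original author date, committer
# date more than two weeks later. The others are ordinary commits.
SAMPLE_GIT_LOG = (
    "a1b2c3d\t2026-02-20T10:12:00+00:00\t2026-03-09T03:41:17+00:00\tAdd CSV export\n"
    "9f8e7d6\t2026-02-18T16:05:44+00:00\t2026-02-18T16:05:44+00:00\tRefactor views\n"
    "5a4b3c2\t2026-02-10T09:00:00+00:00\t2026-02-10T09:00:12+00:00\tInitial commit\n"
)

# Constructed sample entry points; the "payload" is a redacted placeholder.
SAMPLE_SETUP_PY = (
    "from setuptools import setup\n"
    'setup(name="demo", version="1.0")\n'
    "\n"
    "import base64, zlib\n"
    'lzcdrtfxyqiplpd = "<redacted payload>"\n'
    "exec(zlib.decompress(base64.b64decode(lzcdrtfxyqiplpd)))\n"
)
CLEAN_SETUP_PY = 'from setuptools import setup\nsetup(name="demo", version="1.0")\n'


@dataclass
class Commit:
    sha: str
    author_date: datetime
    committer_date: datetime
    subject: str


def parse_git_log(text):
    """Parse tab-separated log lines into Commit records (ISO 8601 dates)."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, author_iso, committer_iso, subject = line.split("\t", 3)
        commits.append(Commit(sha, datetime.fromisoformat(author_iso),
                              datetime.fromisoformat(committer_iso), subject))
    return commits


def find_rewritten_commits(text, max_skew=timedelta(hours=1)):
    """Return SHAs whose committer date trails the author date by more than max_skew.

    Ordinary rebases, amends and cherry-picks also produce this skew, so a hit
    is a triage candidate to diff against a known-good clone, not proof of
    compromise on its own.
    """
    return [c.sha for c in parse_git_log(text)
            if c.committer_date - c.author_date > max_skew]


# A decode library plus exec/eval in the last few lines of a file is the
# shape of the appended loader; either pattern alone is common in clean code.
DECODE_RE = re.compile(r"\b(base64|zlib)\b")
EXEC_RE = re.compile(r"\b(exec|eval)\s*\(")


def scan_entry_point(source, tail_lines=30):
    """Flag the known marker anywhere, and a decode-and-exec pattern in the tail."""
    tail = "\n".join(source.splitlines()[-tail_lines:])
    return {
        "marker": FORCEMEMO_MARKER in source,
        "obfuscated_tail": bool(DECODE_RE.search(tail)) and bool(EXEC_RE.search(tail)),
    }


if __name__ == "__main__":
    print("skewed commits:", find_rewritten_commits(SAMPLE_GIT_LOG))
    print("setup.py:", scan_entry_point(SAMPLE_SETUP_PY))
    print("clean setup.py:", scan_entry_point(CLEAN_SETUP_PY))
```

In a real checkout, feed `find_rewritten_commits` the output of the `git log` format shown in the sample and run `scan_entry_point` over `setup.py`, `main.py`, `app.py` and similar files; a skewed commit whose touched file also scores on both tail checks is the combination worth pulling a known-good clone for.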

StepSecurity tied the account-takeover path back to GlassWorm, the credential-stealing malware shipped through poisoned VS Code and Cursor extensions in the preceding weeks. The two campaigns used different injection techniques but shared the same Solana wallet for command and control, evidence that the same operator was behind both. This record covers the Python repository delivery path; the GlassWorm campaign as a whole is tracked separately.

Affected Artifacts

forcememo-python-repos

github · github.com · Source Repository
Observed: 2026-03-08 to 2026-03-14
Compromised Versions: Unknown
Fixed: Not listed
  • The ForceMemo scope included more than 240 Python repositories.
  • The related GlassWorm scope included more than 151 GitHub repositories.

Incident Context

Motive: Credential Theft, Wallet Key Theft
Cause: Compromised Account Credentials
Transitive: No

External References

Source record: oss/attacks/forcememo-python-repos/meta.yaml