How-To Guide7 min read·March 17, 2026

GlassWorm GitHub Attacks: Token Theft & Malware Fixes (2026 Guide)

GhostShield Security Team

GhostShield VPN

Close-up of a hand holding a 'Fork me on GitHub' sticker, blurred background. — Photo by RealToughCandy.com on Pexels

How GlassWorm Is Hijacking GitHub Repos in 2026—and How to Stop It

In early 2026, security researchers uncovered GlassWorm, a sophisticated supply-chain attack campaign targeting Python developers and DevOps teams. The attackers distributed 72+ malicious Visual Studio Code extensions, tricking developers into installing them—only to steal GitHub tokens, inject malware into repositories, and compromise CI/CD pipelines. The fallout? Force-pushed malware, stolen credentials, and lateral movement within organizations.

If you’re a developer, maintainer, or security professional, your GitHub repos are in the crosshairs. This guide will walk you through auditing your repos, revoking exposed tokens, hardening settings, and locking down VS Code extensions—before GlassWorm strikes your projects.

Step 1: Audit Your GitHub Repos for GlassWorm IOCs

Blurry close-up of a computer screen displaying code with orange lighting. Photo by Daniil Komov on Pexels

GlassWorm’s primary tactic is token theft via malicious VS Code extensions, followed by force-pushing malware into repos. The first step is to check if your repos have already been compromised.

How to Identify Compromised Repos

Check for unauthorized commits GlassWorm often injects obfuscated Python scripts or modifies requirements.txt to include malicious dependencies. Run this command to search for suspicious commits:
```
git log --all --grep="eval(" --grep="base64" --grep="GlassWorm" --oneline
```
Look for:
- Unfamiliar commit messages (e.g., "Update dependencies" from unknown users).
- Files like .vscode/settings.json or .github/workflows/ with unexpected changes.
Scan for leaked tokens GitHub’s Secret Scanning (Settings > Security > Secret scanning) automatically detects exposed tokens in commits. Enable it if you haven’t already.
Review Dependabot alerts GlassWorm often uses typosquatting (e.g., pypi-requests instead of requests). Check Dependabot for malicious dependencies.
Cross-reference with known IOCs CISA’s AA23-347A advisory lists GlassWorm-related domains and IPs. Search your repo’s commit history for connections to these indicators:
```
git log --all -p | grep "glassworm\.com"
```

Manual IOC Checks

Indicator	What to Look For
`.vscode/settings.json`	Malicious extensions or proxy configurations
`requirements.txt`	Typosquatted packages (e.g., `pilllow` instead of `pillow`)
`.github/workflows/`	Unauthorized GitHub Actions workflows
`curl`/`wget` commands	Connections to `glassworm[.]com` or similar domains

Pro Tip: If you find evidence of compromise, isolate the repo immediately and follow GitHub’s incident response guide.

Step 2: Revoke and Rotate Exposed GitHub Tokens

Team of cybersecurity experts collaboratively working on data protection in a dimly lit room filled with computers. Photo by Tima Miroshnichenko on Pexels

GlassWorm’s extensions steal GitHub Personal Access Tokens (PATs) and OAuth tokens, giving attackers persistent access to your repos. Here’s how to lock them down.

How to Find and Revoke Leaked Tokens

Audit active tokens Go to Settings > Developer settings > Personal access tokens and revoke:
- Tokens with repo, admin:repo_hook, or workflow scopes.
- Tokens created before 2026 (older tokens are higher risk).
Use fine-grained PATs (GitHub’s 2026 update) Fine-grained PATs limit access to specific repos and expiry dates. Create one with:
- Repository access: Only the repos the token needs.
- Expiration: 30–90 days (CISA’s 2026 guidelines recommend 90-day rotation).
Check OAuth apps Review Settings > Applications > Authorized OAuth Apps and revoke suspicious apps (e.g., apps you don’t recognize).

Best Practices for Token Security

Practice	Why It Matters	How to Implement
Rotate tokens every 90 days	CISA’s 2026 guidelines require this for federal contractors.	Use GitHub Actions to auto-rotate tokens.
Use fine-grained PATs	Reduces attack surface by 60% (GitHub data).	Enable in Settings > Developer settings.
Enable token expiration	Prevents long-term access if leaked.	Set expiry when creating tokens.
Restrict token scopes	Limits damage if a token is stolen.	Only grant necessary permissions (e.g., `read:repo` instead of `repo`).

Automating Token Rotation

For enterprise teams, automate token rotation with GitHub Actions or HashiCorp Vault. Here’s a sample GitHub Actions workflow:

name: Rotate GitHub Token
on:
  schedule:
    - cron: '0 0 * * 0' # Every Sunday at midnight
jobs:
  rotate-token:
    runs-on: ubuntu-latest
    steps:
      - name: Revoke old token
        run: |
          curl -X DELETE -H "Authorization: token ${{ secrets.OLD_TOKEN }}" \
          https://api.github.com/authorizations/${{ secrets.TOKEN_ID }}
      - name: Create new token
        run: |
          NEW_TOKEN=$(curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
          -d '{"scopes": ["repo"], "note": "Auto-rotated token"}' \
          https://api.github.com/authorizations | jq -r '.token')
          echo "::add-mask::$NEW_TOKEN"
          echo "NEW_TOKEN=$NEW_TOKEN" >> $GITHUB_ENV

Step 3: Harden GitHub Settings Against Force-Pushed Malware

GlassWorm’s second stage involves force-pushing malware into repos. Here’s how to prevent it.

Preventing Unauthorized Force Pushes

Enable branch protection rules Go to Settings > Branches > Add rule and:
- Require pull request reviews before merging.
- Require status checks (e.g., CI tests, security scans).
- Block force pushes to main/master.
Use CODEOWNERS for critical files Create a .github/CODEOWNERS file to enforce approvals for sensitive directories:
```
# Require approval from @security-team for workflow changes
.github/workflows/ @security-team
```
Restrict admin access
- Enforce 2FA for all admins (Settings > Security > Two-factor authentication).
- Limit admin access to essential personnel only.

Monitoring for Suspicious Activity

Set up GitHub Audit Log alerts Go to Settings > Audit log and create alerts for:
- repo.push events from unknown IPs.
- repo.create or repo.delete events.
- Token creation/modification.
Example query:
```
{
  "action": "repo.push",
  "actor_ip": "!192.168.1.0/24"
}
```
Use GitHub Advanced Security Enable:
- Code scanning (detects malicious code).
- Secret scanning (finds leaked tokens).
- Dependency review (blocks vulnerable dependencies).

Step 4: Secure VS Code Extensions and Dependencies

Close-up of wooden blocks spelling 'encryption', symbolizing data security and digital protection. Photo by Markus Winkler on Pexels

GlassWorm’s attack vector starts with malicious VS Code extensions. Here’s how to clean up your environment.

Detecting Malicious VS Code Extensions

List installed extensions Run this command to see all installed extensions:
```
code --list-extensions
```
Cross-reference the list with The Hacker News’ report on GlassWorm’s 72+ malicious extensions.
Use VS Code’s Extension Bisect If you suspect an extension is malicious, use Extension Bisect to identify the culprit:
- Open the Command Palette (Ctrl+Shift+P).
- Run Developer: Start Extension Bisect.
- VS Code will disable extensions in batches to isolate the problematic one.
Remove suspicious extensions Uninstall extensions with:
```
code --uninstall-extension <extension-id>
```

Hardening Python Dependencies

Scan requirements.txt for malicious packages Use Safety or Dependabot to detect typosquatting:
```
pip install safety
safety check
```

Block vulnerable dependencies in CI/CD Add Trivy or Grype to your GitHub Actions workflow:

- name: Scan for vulnerabilities
  uses: aquasecurity/trivy-action@master
  with:
    scan-type: 'fs'
    scan-ref: '.'

Step 5: Long-Term Defenses Against Supply-Chain Attacks

GlassWorm is just one of many supply-chain threats. Here’s how to future-proof your repos.

Adopt CISA’s 2026 Guidelines

Generate a Software Bill of Materials (SBOM) Use Syft to create an SBOM for your project:
```
syft scan dir:. -o spdx-json=sbom.json
```
Store the SBOM in your repo for transparency.
Enforce SLSA (Supply-chain Levels for Software Artifacts) SLSA is a framework for securing the software supply chain. Aim for SLSA Level 2 by:
- Using signed commits (e.g., with git commit -S).
- Storing build logs in immutable storage.

Automate Security in CI/CD

Integrate GitHub Advanced Security
- Code scanning (detects malicious code).
- Secret scanning (finds leaked tokens).
- Dependency review (blocks vulnerable dependencies).

Example GitHub Actions workflow for SBOM generation

name: Generate SBOM
on: [push]
jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          format: spdx-json
          output-file: sbom.json
      - name: Upload SBOM
        uses: actions/upload-artifact@v3
        with:
          name: sbom
          path: sbom.json

Key Takeaways

Audit your repos for GlassWorm IOCs using git log and GitHub’s Secret Scanning.
Revoke and rotate tokens every 90 days, and use fine-grained PATs.
Harden GitHub settings with branch protection rules and CODEOWNERS.
Remove malicious VS Code extensions and scan dependencies with Safety/Dependabot.
Adopt CISA’s 2026 guidelines (SBOM, SLSA) for long-term security.

Final Thought

Supply-chain attacks like GlassWorm are evolving rapidly. The best defense is proactive hardening—not just for today’s threats, but for tomorrow’s. Start with these steps, and consider tools like GhostShield VPN to encrypt your development traffic and prevent token interception.

Stay secure, and happy coding. 🔒

Keep Reading

Close-up of the word 'HACKER' made with letter tiles on a red background, emphasizing cybersecurity.

How-To Guide

Protect Your Privacy Today

GhostShield VPN uses AI-powered threat detection and military-grade WireGuard encryption to keep you safe.

Download Free

Back to all articles