Ars Technica
Invisible Unicode hits GitHub repos

GitHub supply-chain attack via invisible code: scan your AI repos NOW!
30-Second TL;DR
What Changed
Invisible Unicode in source code
Why It Matters
Threatens open-source AI models and tools on GitHub by hiding malware. Developers must enhance scanning to protect pipelines.
What To Do Next
Scan repos for invisible characters with Unicode-range-aware tools like 'ufo' or GitHub Dependabot.
Who should care: Developers & AI Engineers
Deep Insight
Web-grounded analysis with 6 cited sources.
Enhanced Key Takeaways
- Threat actor Glassworm, first identified in October 2025 targeting VS Code extensions, returned in March 2026, compromising over 150 GitHub repos, npm packages, and VS Code extensions between March 3–9[1][2].
- Malicious payloads use Solana blockchain accounts for command-and-control and data exfiltration, fetching instructions and stealing credentials instead of relying on traditional C2 servers[1][3].
- AI-generated commits provide camouflage by mimicking each target's coding style with documentation tweaks and refactors, enabling scaled attacks across diverse repositories[1][2].
- Payloads harvest GitHub tokens, NPM tokens, OpenVSX credentials, and credentials for over 70 cryptocurrency wallets to propagate infections and enable further supply chain compromises[4][5].
Technical Deep Dive
- Exploits Private Use Area (PUA) Unicode characters in the ranges U+FE00–U+FE0F and U+E0100–U+E01EF, which render invisibly in code editors, terminals, and GitHub interfaces[1].
- โขInvisible characters encode executable JavaScript payloads, such as decoder strings in backticks that produce code fetching Solana-based instructions[1][2].
- Payload stages: the invisible code is decoded, an AES-256-CBC-encrypted loader is downloaded over HTTP (with keys carried in headers), and credentials are harvested, including 49+ crypto wallets and GitHub/NPM/OpenVSX tokens[4][5].
- Self-propagating: stolen credentials are used to inject malware into additional repos, packages, and extensions, turning infected machines into SOCKS proxies, HVNC servers, and execution nodes[4].
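As a defender-side illustration of the scanning that the "What To Do Next" and "Technical Deep Dive" sections call for, the following Python scanner is an added example written for this digest; it is not code from any of the cited sources or from the researchers who analysed Glassworm. It flags code points in the two ranges the article lists (U+FE00–U+FE0F and U+E0100–U+E01EF, which are Unicode's Variation Selector blocks) and, as a generalization, zero-width and bidirectional format characters and the Private Use Areas, reporting line and column so a reviewer can inspect the spot in an editor. The JavaScript snippet it scans is constructed for the example.

```python
"""Scan source text for invisible or non-rendering Unicode code points.

Added example for this digest (not code from any cited source). The first
two ranges are the ones the article names; the rest generalise to other
characters that editors and diff views commonly fail to display.
"""
import sys
import unicodedata
from dataclasses import dataclass
from typing import List, Optional

# Inclusive code point ranges with a human-readable label.
SUSPICIOUS_RANGES = [
    (0xFE00, 0xFE0F, "variation selector"),
    (0xE0100, 0xE01EF, "variation selector supplement"),
    (0x200B, 0x200F, "zero-width space / joiner / bidi mark"),
    (0x202A, 0x202E, "bidi embedding or override"),
    (0x2060, 0x2064, "word joiner / invisible operator"),
    (0x2066, 0x2069, "bidi isolate"),
    (0xFEFF, 0xFEFF, "zero-width no-break space (BOM)"),
    (0xE000, 0xF8FF, "private use area"),
    (0xF0000, 0xFFFFD, "supplementary private use area A"),
    (0x100000, 0x10FFFD, "supplementary private use area B"),
]


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number
    column: int      # 1-based column, counted in code points
    codepoint: int
    label: str

    def __str__(self) -> str:
        name = unicodedata.name(chr(self.codepoint), "<unnamed>")
        return (f"line {self.line} col {self.column}: "
                f"U+{self.codepoint:04X} {name} [{self.label}]")


def classify(cp: int) -> Optional[str]:
    """Return a label if the code point should not appear in source, else None."""
    for start, end, label in SUSPICIOUS_RANGES:
        if start <= cp <= end:
            return label
    category = unicodedata.category(chr(cp))
    if category == "Cf":   # any other format character, e.g. U+00AD soft hyphen
        return "format character"
    if category == "Cs":   # lone surrogate: what surrogateescape yields for bad UTF-8
        return "undecodable byte"
    return None


def scan_text(text: str) -> List[Finding]:
    """Walk the text and collect every suspicious code point with its position."""
    findings: List[Finding] = []
    # Split on "\n" only, so line numbers match what an editor shows even if
    # the file contains exotic separators such as U+2028.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            # A BOM as the very first character is an ordinary encoding
            # signature, not a hiding place; anywhere else it is suspicious.
            if lineno == 1 and col == 1 and cp == 0xFEFF:
                continue
            label = classify(cp)
            if label is not None:
                findings.append(Finding(lineno, col, cp, label))
    return findings


def scan_file(path: str) -> List[Finding]:
    """Read a file as UTF-8 and scan it; invalid bytes surface as flagged surrogates."""
    with open(path, encoding="utf-8", errors="surrogateescape") as handle:
        return scan_text(handle.read())


# Constructed sample: looks like two harmless lines of JavaScript, but the
# first statement is followed by three variation selectors and the second
# identifier has a zero-width space spliced into it.
SAMPLE_JS = (
    "// utility helpers\n"
    "const x = 1;\ufe00\ufe05\U000e0101\n"
    "const na\u200bme = 'ok';\n"
)


if __name__ == "__main__":
    # Pre-commit style usage: `python scan_invisible.py file1 file2 ...`
    # With no arguments the embedded sample is scanned. Exit status 1 on any hit.
    paths = sys.argv[1:]
    if paths:
        results = [(p, scan_file(p)) for p in paths]
    else:
        results = [("<sample>", scan_text(SAMPLE_JS))]
    hit = False
    for path, findings in results:
        for finding in findings:
            hit = True
            print(f"{path}: {finding}")
    sys.exit(1 if hit else 0)
```

Run against the sample, the scanner reports four positions: three variation selectors at columns 13 to 15 of line 2 and a zero-width space at column 9 of line 3. Wiring it into a pre-commit hook is a matter of passing the staged file names as arguments and treating a non-zero exit as a blocked commit; the point of reporting the exact column is that a reviewer can then open the file at that spot and see that the line looks shorter than its character count says it should.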
Future Implications (AI analysis grounded in cited sources)
- Repository managers will adopt Unicode normalization as a standard pre-commit hook by the end of 2026.
- Solana C2 usage will increase 3x in supply chain attacks by Q4 2026.
Timeline
- 2025-10: Glassworm campaign discovered targeting the Open VSX Registry with invisible Unicode in VS Code extensions, leading to 35,000+ downloads.
- 2025-10: Glassworm shifts to GitHub repositories using the same Unicode technique.
- 2025-11: KOI Security researchers name and detail Glassworm malware traits, including credential harvesting.
- 2026-02: Related attack uses invisible Unicode in rules files targeting GitHub Copilot and Cursor AI agents.
- 2026-03: Glassworm launches a mass wave compromising 151+ GitHub repos, npm packages, and VS Code extensions between March 3–9.
Sources (6)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- dev.to: Glassworm How Invisible Unicode Characters and Solana Are Powering the Biggest Supply Chain Attack 4a4j
- aikido.dev: Glassworm Returns Unicode Attack Github Npm Vscode
- knostic.ai: Zero Width Unicode Characters Risks
- endorlabs.com: Invisible Threats Glassworm Unicode Vscode
- snyk.io: Defending Against Glassworm
- darkreading.com: Supply Chain Worms in 2026 What Shai Hulud Taught Attackers and How to Prepare
AI-curated news aggregator. All content rights belong to original publishers.
Original source: Ars Technica

