Researchers say the GlassWorm campaign used invisible Unicode characters to hide malicious code inside packages and extensions on GitHub, npm, and the VS Code ecosystem, making the payload look like harmless blank space during human review. Aikido Security reported at least 151 GitHub repositories compromised between March 3 and March 9, and said the activity later spread to npm and the VS Code marketplace. The key trick is that the attacker embeds the payload in Unicode variation selectors and related zero-width characters that most editors, terminals, and diffs do not render, then uses a small decoder to reconstruct a Base64 blob and execute it with eval(). Endor Labs’ analysis says the broader GlassWorm campaign has also used developer-focused theft and persistence techniques, including harvesting credentials and tokens, and it notes that the campaign had earlier appeared in malicious npm packages in 2025 before resurfacing in the Open VSX / VS Code extension ecosystem. The story matters because it shows a supply-chain attack that defeats the assumptions behind code review and many standard security tools: if the malicious content is invisible to humans and many scanners, it can slip into widely used developer tooling and propagate through trusted package channels.

AI-generated background, compiled from web sources — not editorial content.

More coverage

Explore the topic

More on malware

Comments