Cybersecurity researchers uncover GitHub campaign with invisible malicious code

Cybersecurity researchers have uncovered a large-scale campaign in which attackers publish GitHub projects containing hidden malicious code. These repositories use special Unicode characters that are nearly impossible to spot during a visual code review. To a developer reading the source, they look like empty spaces or blank lines, but when the file is processed by an interpreter, the hidden content decodes to working code that executes harmful actions.

According to experts at Aikido Security, at least 151 packages prepared in this manner appeared on the platform between March 3 and March 9. These projects often masquerade as popular libraries or well-known software tools, increasing the chance that developers might accidentally use them. At first glance, the code looks safe and readable, but dangerous functions are concealed within sequences of invisible characters, making traditional manual checks ineffective at detecting the threat. Similar findings have already been documented on other platforms, including NPM, Open VSX, and the VS Code extensions marketplace.

Experts link the campaign to a group tentatively named Glassworm. Identifying its members is extremely difficult because the repositories look highly plausible. They regularly feature documentation updates, version changes, bug fixes, and code refactoring—all mimicking active project development. Specialists suggest that to create a large volume of such realistic changes, the attackers might have used generative AI models.

Technically, the attack exploits the fact that some Unicode characters are visually indistinguishable from empty spaces yet can be mapped back to Latin alphabet characters. A small decoder embedded in the project extracts the actual bytes from these symbols and passes them to a code execution function. The discovered projects may represent only a small part of the entire campaign, researchers note, since malicious packages are often removed once they have garnered enough downloads.
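On the defensive side, the technique above can be caught mechanically rather than by eye: a scanner that flags code points rendering as blank but not being ordinary whitespace. This is an added example, not code from the article or from Aikido Security; the range list and the sample source are constructed assumptions, not indicators from the campaign.

```python
"""Flag Unicode code points in source text that render as blank space but are not
ordinary whitespace. Runs of such characters are where an in-band decoder hides bytes."""
import unicodedata
from dataclasses import dataclass

# Code point ranges that display as nothing or as a blank glyph (constructed list).
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space, joiners, bidi marks
    (0x2060, 0x2064),    # word joiner, invisible operators
    (0x2066, 0x206F),    # bidi isolates and deprecated format characters
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0xE0000, 0xE007F),  # tag characters
    (0x115F, 0x1160),    # Hangul choseong / jungseong fillers
    (0x3164, 0x3164),    # Hangul filler
    (0xFFA0, 0xFFA0),    # halfwidth Hangul filler
    (0xFEFF, 0xFEFF),    # zero-width no-break space (BOM) inside a file
]

@dataclass(frozen=True)
class Finding:
    line: int
    col: int
    codepoint: int
    name: str

def is_suspicious(ch: str) -> bool:
    """Ordinary spaces, tabs and printable letters are not flagged; hidden-glyph
    ranges plus any other format (Cf) or unassigned (Cn) code point are."""
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(ch) in ("Cf", "Cn")

def scan_source(text: str) -> list:
    """Return one Finding per suspicious character, with 1-based line and column."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_suspicious(ch):
                findings.append(Finding(lineno, col, ord(ch), unicodedata.name(ch, "<unnamed>")))
    return findings

def count_by_line(findings: list) -> dict:
    """Long runs on a single line are the strongest signal of an embedded payload."""
    counts: dict = {}
    for f in findings:
        counts[f.line] = counts.get(f.line, 0) + 1
    return counts

# Constructed sample: a benign function followed by a string literal that looks empty.
SAMPLE = "def helper(x):\n    return x + 1\n\npayload = '\u3164\ufe0f\u3164\ufe0e'\nprint(helper(1))\n"
```

Variation selectors are legitimate after emoji in string literals, so review flagged lines rather than failing a build on a single hit; a long run on one line is what warrants a closer look.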