A New Breed of Supply-Chain Threat
Security researchers at Aikido Security have uncovered a sophisticated supply-chain attack that leverages invisible Unicode characters to smuggle malicious code into open-source repositories. Between March 3 and March 9, the firm identified 151 malicious packages uploaded to GitHub, NPM, and Open VSX that contained executable payloads rendered completely invisible in standard code editors, terminals, and review interfaces.
The technique represents a significant evolution in how attackers target the software supply chain. While supply-chain attacks have been a persistent threat for nearly a decade, typically relying on typosquatting or name confusion to trick developers, this latest campaign adds an additional layer of deception that renders traditional manual code reviews effectively useless.
How the Invisible Code Works
The attack exploits a category of Unicode characters that have no visible representation when displayed in text editors, terminal emulators, or web-based code review platforms like GitHub's pull request interface. While the bulk of each malicious package appears as normal, readable code, critical malicious functions and their payloads are encoded using these invisible characters.
When a developer inspects the code visually or uses standard diff tools, the malicious portions simply do not appear. However, a JavaScript engine or Python interpreter reads every character in the file regardless of how it renders, so the invisible characters are consumed as part of the program and the hidden payload runs alongside the legitimate-looking code.
This approach effectively creates a dual reality: human reviewers and many automated scanning tools see clean code, while the runtime environment executes a completely different set of instructions that can exfiltrate credentials, install backdoors, or compromise development environments.
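As an added example from a defender's side (not code from Aikido's report or from the packages described), a short Python scanner that reports the line, column and code point of every invisible character in a source file so such payloads surface in review or as a CI gate; the set of code points it treats as invisible is an assumption for this example.

```python
import sys
import unicodedata
from pathlib import Path

# Characters that draw nothing in editors, terminals and web diff views yet
# survive into the text the interpreter parses. Category "Cf" covers zero-width
# spaces/joiners, bidi controls, the byte-order mark and the tag block; the
# extra set (an assumption for this example) adds blank-looking non-"Cf" points.
EXTRA_INVISIBLE = {
    0x115F, 0x1160, 0x3164, 0xFFA0,   # Hangul fillers (category Lo)
    *range(0xFE00, 0xFE10),           # variation selectors (category Mn)
    *range(0xE0100, 0xE01F0),         # supplementary variation selectors
}

def is_invisible(ch: str) -> bool:
    """True for a character that renders blank but is still parsed."""
    return unicodedata.category(ch) == "Cf" or ord(ch) in EXTRA_INVISIBLE

def find_invisible(text: str, allow_leading_bom: bool = True):
    """Return (line, column, code point, name) for each invisible character.
    A lone U+FEFF as the first character is a normal BOM and is skipped."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if allow_leading_bom and line_no == 1 and col == 1 and ch == "\ufeff":
                continue
            if is_invisible(ch):
                hits.append((line_no, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "<unnamed>")))
    return hits

def scan_files(paths):
    """Map each path to its findings; an empty list means the file is clean."""
    return {p: find_invisible(Path(p).read_text("utf-8", errors="surrogateescape"))
            for p in paths}

# Constructed sample: reads as a harmless helper in a diff view, but line 2 ends
# in a zero-width space plus joiner and line 4 is built from tag-block characters.
SAMPLE_JS = ('function greet(name) {\n'
             '  return "Hello, " + name;\u200b\u200d\n'
             '}\n'
             'const cfg = "\U000E0041\U000E0042";\n')

if __name__ == "__main__":
    # With file arguments this acts as a CI gate (exit 1 on any finding).
    found = scan_files(sys.argv[1:]) or {"<sample>": find_invisible(SAMPLE_JS)}
    for path, hits in found.items():
        for line_no, col, cp, name in hits:
            print(f"{path}:{line_no}:{col}: {cp} {name}")
    sys.exit(1 if any(found.values()) else 0)
```

Run it with no arguments to see the sample findings, or pass source files (for example the unpacked contents of a dependency) to gate a pipeline on a non-zero exit status.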