Invisible malicious code attacks 151 GitHub repos and VS Code — Glassworm attack uses blockchain to steal tokens, credentials, and secrets
Publish Date: 2026-03-14 10:11:00
Source Domain: www.tomshardware.com
Researchers at Aikido Security reported on Friday that they had found at least 151 GitHub repositories compromised by a threat actor tracked as Glassworm, which hides malicious payloads in Unicode characters invisible to the human eye. The affected repositories were compromised between March 3 and March 9, according to the Aikido Security blog, and the campaign has since expanded to npm and the VS Code marketplace.
Go deeper with TH Premium: CPU
(Image credit: Tom’s Hardware)
The technique exploits Unicode Private Use Area characters — specifically, ranges 0xFE00 through 0xFE0F and 0xE0100 through 0xE01EF — which render as zero-width whitespace in virtually every code editor and terminal, and consequently appear as blank space to a developer reviewing a pull request. Meanwhile, a small decoder extracts the hidden bytes and passes them to eval(), executing a full malicious payload.
In past Glassworm incidents, that payload fetched and executed a second-stage script that used the Solana blockchain as a command-and-control channel, capable of stealing tokens, credentials, and secrets.
Article continues below
You may like
Aikido suggests that the 151 repos identified are likely a fraction of the total, since many had already been deleted before the research was published. Among the notable targets are repositories from Wasmer, Reworm, and anomalyco, the organization behind OpenCode and SST. The same decoder pattern also appeared in at least two npm packages and one VS Code extension uploaded on March 12.
Unfortunately, this most recent Glassworm campaign is harder to counter than previous iterations due to the sophistication of the malicious injections. Instead of showing up as obviously suspicious commits, they’re taking the form of version bumps and small refactors that are “stylistically consistent with each target project.” Aikido says it suspects the attackers are using large language models to generate this…
