OPEN_SOURCE
HN · HACKER_NEWS // 27d ago · SECURITY INCIDENT
Glassworm unicode attack hits 151 repos, npm, VSCode
The Glassworm campaign has resurfaced and compromised over 151 GitHub repositories, npm packages, and VS Code marketplace extensions. The malicious payloads are hidden in invisible Unicode characters, so the affected code looks clean in an editor or diff. The malware steals tokens, credentials, and cryptocurrency wallet funds, and it uses the Solana blockchain for command and control, which leaves no server to seize.
// ANALYSIS
Invisible-character supply chain attacks are an especially insidious class of threat for developers: the code looks clean, passes review, and executes quietly. Glassworm is now running this at ecosystem scale.
- The attack embeds payloads as Unicode variation selectors (U+FE00–U+FE0F) and Private Use Area characters. These render as nothing in editors and diff views, and a small stub reads them back at runtime, maps them to bytes, and passes the result to `eval()`
- Glassworm specifically targets developer credentials: npm tokens, GitHub tokens, Open VSX credentials, and Git credentials. A single compromised developer can therefore propagate the worm to further repositories
- 49 different crypto wallet extensions are in scope; the Solana blockchain is used for C2, so there is no infrastructure that can be taken down
- The multi-ecosystem push (GitHub + npm + VS Code + Open VSX) in a single wave suggests either automation or AI-assisted commit generation to scale the attack
- Aikido Security's detection tooling is purpose-built to catch invisible Unicode injection, so this post doubles as product marketing, but the threat research is solid and independently corroborated by Snyk, Dark Reading, and SecurityWeek
// TAGS
security · supply-chain · open-source · devtool · ide · npm
DISCOVERED: 2026-03-15 (27d ago)
PUBLISHED: 2026-03-15 (27d ago)
RELEVANCE: 9/10
AUTHOR
robinhouston