Glassworm Supply-Chain Attack Returns: 151+ GitHub Repos Hit with Invisible Unicode Malware

Aikido Security discovered a new wave of the Glassworm supply-chain attack campaign hitting 151+ GitHub repositories, npm packages, and VS Code extensions between March 3 and 9. Attackers embed invisible Unicode characters that pass visual code review unnoticed; the hidden payload is then executed through JavaScript eval(). The campaign targets high-value repositories including Wasmer, Reworm, and OpenCode, and uses AI-generated commits as camouflage.

Key Takeaways

  • 151+ GitHub repositories compromised with invisible Unicode injection (code point ranges U+FE00-FE0F and U+E0100-E01EF)
  • The attack also reached npm (@aifabrix/miso-client v4.7.2, @iflow-mcp/watercrawl 1.3.0-1.3.4) and VS Code (quartz.quartz-markdown-editor v0.3.0)
  • Attackers use AI-generated commits, with realistic documentation tweaks and bug fixes, to blend into project history
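A pre-review check for the two code point ranges named above, as an added example that is not part of the Aikido report: it scans file contents, reports each affected line with 1-based line and column, and renders the hidden code points as visible markers so a reviewer can see what the diff viewer does not. The sample source is constructed for the example.

```javascript
// Added example, not code from Aikido's write-up: flag the invisible Unicode
// ranges the report names before a pull request reaches a human reviewer. The
// ranges are Variation Selectors (U+FE00-FE0F) and Variation Selectors
// Supplement (U+E0100-E01EF); both render as nothing in a diff or editor.
const INVISIBLE_RE = /[\uFE00-\uFE0F\u{E0100}-\u{E01EF}]/gu;
function label(cp) {
  return 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');
}

// Scan file contents and return one finding per affected line as
// { line, column, count, codePoints }, with 1-based line and column.
function scanSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    const codePoints = [];
    let firstColumn = null;
    let col = 0;
    // Iterate by code point so a surrogate pair counts as one column.
    for (const ch of text) {
      col += 1;
      const cp = ch.codePointAt(0);
      if ((cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef)) {
        if (firstColumn === null) firstColumn = col;
        codePoints.push(label(cp));
      }
    }
    if (codePoints.length > 0) {
      findings.push({ line: idx + 1, column: firstColumn, count: codePoints.length, codePoints });
    }
  });
  return findings;
}

// Render a line with each hidden code point replaced by a visible marker.
function revealInvisible(text) {
  return text.replace(INVISIBLE_RE, (ch) => '<' + label(ch.codePointAt(0)) + '>');
}

// Constructed sample: an innocuous-looking commit with selectors inside a string.
const SAMPLE = [
  '// docs: tidy README wording',
  'const greeting = "hello";',
  'const payload = "abc\uFE0E\u{E0101}\u{E01EF}def";',
  'module.exports = { greeting };',
].join('\n');

for (const f of scanSource(SAMPLE)) {
  console.log(`line ${f.line} col ${f.column}: ${f.count} hidden code point(s) ${f.codePoints.join(' ')}`);
  console.log('  ' + revealInvisible(SAMPLE.split('\n')[f.line - 1]));
}
```

Run against a whole tree as a CI step and fail the build on any finding; a legitimate emoji variation selector in a comment is the only expected false positive, and it is cheap to review.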

Original source: Aikido Security