Invisible malicious code attacks 151 GitHub repos and VS Code — Glassworm attack uses blockchain to steal tokens, credentials, and secrets

Researchers at Aikido Security discovered that 151 GitHub repositories were infiltrated by Glassworm, a threat actor using invisible Unicode characters to hide malicious code. The attack, which started on March 3, has expanded to npm and the VS Code marketplace. The malicious code, when executed, can steal tokens, credentials, and secrets, with the payload using the Solana blockchain for command-and-control. Aikido advises caution when incorporating packages and suggests using automated tools to detect invisible Unicode injections.