March 15, 2026
Haunted backticks, angry devs
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
Invisible code sneaks into apps as devs bicker over blame, 'eval,' and GitHub's duty
TLDR: Glassworm is hiding malware with invisible characters across GitHub, npm, and VS Code, hitting 150+ projects. Commenters split between blaming risky code like eval, demanding platform scans for zero‑width text, and fearing AI‑assisted cover commits—this matters because one sneaky change can taint countless apps downstream.
Ghost code is back—and devs are losing it. The Glassworm crew is stuffing invisible Unicode into what looks like empty strings, then popping malware when the app runs. This new wave has splashed across GitHub, npm, and VS Code, even touching known projects like Wasmer and OpenCode. Search shows 150+ repos hit.
Comments? Pure chaos. One camp chants “ban eval,” with minus7 declaring the red flag obvious. Another pile-on asks why antivirus doesn’t just catch it—DropDead’s “it’s just text files” jab sparked a whole “isn’t this your job?” brawl. The biggest fight: who’s responsible? btown says GitHub should scan for zero‑width characters like it does for secrets; others fire back that maintainers must guard their own doors.
Then there’s the AI twist. The cover commits look eerily legit—doc tweaks, version bumps, tidy refactors—so many believe large language models are ghost‑writing the camouflage. faangguyindia wonders if script kiddies just leveled up with LLMs. Jokes flew about “haunted backticks,” “ghost emoji payloads,” and zero‑width spaces causing zero chill. Hacker News threads are already buzzing: thread 1, thread 2. Under the memes is a sobering point: one sneaky commit can poison the software supply chain downstream.
Key Points
- A renewed Glassworm campaign is hiding payloads with invisible Unicode in source code and has hit GitHub, npm, and the VS Code marketplace.
- At least 151 GitHub repositories match the decoder pattern; compromises occurred between March 3 and March 9, 2026.
- Notable affected repositories include projects from Wasmer, Reworm, and anomalyco's opencode-bench.
- The technique embeds payloads as PUA Unicode code points inside seemingly empty JavaScript strings, decodes them back into bytes, and executes the result via eval/Buffer.from; past payloads fetched second-stage code via Solana.
- The campaign expanded across ecosystems with specific npm packages and a VS Code extension published on March 12, 2026, and shows realistic cover commits that the article suggests may be LLM-generated.
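The scan commenters asked GitHub to run, as an added example that is not from the article or any of the named projects: a small JavaScript checker that walks source text by code point and reports Private Use Area characters (where the hidden payload sits in an "empty" string), zero-width characters, and bidi controls, with line and column. The sample input is constructed; the code point ranges are standard Unicode blocks.

```javascript
// Added example: flag invisible Unicode in source text before it is committed.
// Ranges are standard Unicode blocks; none of them belong in ordinary code.
const INVISIBLE_RANGES = [
  { kind: "zero-width",   ranges: [[0x200b, 0x200f], [0x2060, 0x2064], [0xfeff, 0xfeff]] },
  { kind: "bidi-control", ranges: [[0x202a, 0x202e], [0x2066, 0x2069]] },
  { kind: "private-use",  ranges: [[0xe000, 0xf8ff], [0xf0000, 0xffffd], [0x100000, 0x10fffd]] },
];

// Return the category of a suspicious code point, or null if it is ordinary.
function classify(cp) {
  for (const { kind, ranges } of INVISIBLE_RANGES) {
    for (const [lo, hi] of ranges) if (cp >= lo && cp <= hi) return kind;
  }
  return null;
}

// Scan text line by line; one finding per hidden code point, with 1-based
// line/column so a reviewer can jump to the "empty" literal that carries it.
function scanSource(text) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    let col = 1;
    for (const ch of line) {            // string iterator yields whole code points
      const cp = ch.codePointAt(0);
      const kind = classify(cp);
      if (kind) {
        findings.push({ line: i + 1, col, kind,
          cp: "U+" + cp.toString(16).toUpperCase().padStart(4, "0") });
      }
      col += 1;
    }
  });
  return findings;
}

// Count hidden code points per line: dozens on one line is the tell-tale shape
// of a smuggled payload rather than a stray editor artifact.
function hiddenPerLine(text) {
  const counts = {};
  for (const f of scanSource(text)) counts[f.line] = (counts[f.line] || 0) + 1;
  return counts;
}

// Constructed sample: line 2 looks like an empty string but holds two PUA code points.
const SAMPLE = 'const a = 1;\nconst s = "' +
  String.fromCodePoint(0xe048, 0xe069) + '";\nconsole.log(a);\n';

if (typeof require !== "undefined" && require.main === module) {
  console.log(scanSource(SAMPLE), hiddenPerLine(SAMPLE));
}
```

In a pre-commit hook or CI job, a non-empty result from `scanSource` is a reason to fail the check and look at the flagged line.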