Multiple npm packages were identified as part of the "Glassworm" campaign, which uses invisible Unicode characters from the Private Use Area (PUA) to encode malicious payloads within seemingly empty strings. The hidden code is decoded at runtime and passed to eval(), executing arbitrary JavaScript that steals tokens, credentials, and secrets.
The attack is particularly dangerous because the malicious payload is invisible in virtually every editor, terminal, and code review interface. The campaign was coordinated across GitHub, npm, and VS Code Marketplace between March 3-9, 2026, using realistic AI-generated cover commits to evade detection.
Attack Vector: Invisible Unicode characters encode malicious JavaScript payloads that are decoded and executed via eval() at runtime.
Impact: Systems installing these packages would unknowingly execute malicious code capable of exfiltrating sensitive data including tokens, credentials, and secrets through second-stage script execution.
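The detection angle that follows from the vector above is that a string literal which looks empty on screen but occupies bytes on disk is itself the indicator. The scanner below is an added example for this page, not code from the advisory or from any of the affected packages: it walks JavaScript source by code point, reports every character from the Unicode Private Use Areas (U+E000..U+F8FF and the two supplementary PUA planes) with its line and column, and raises the severity when the same file also contains a dynamic code sink such as eval(). The zero-width characters it also flags go beyond what the advisory names and are included as an assumption; the sample source strings are constructed and carry no real payload.

```javascript
// Added example (not from the advisory): find invisible Private Use Area
// characters in JavaScript source and correlate them with eval()/Function().

// Private Use Area ranges: BMP PUA plus the two supplementary PUA planes.
const PUA_RANGES = [
  [0xe000, 0xf8ff],
  [0xf0000, 0xffffd],
  [0x100000, 0x10fffd],
];

// Zero-width / format characters that are likewise invisible in most renderers.
// (Assumption: these are not named by the advisory but are worth flagging.)
const ZERO_WIDTH = new Set([0x200b, 0x200c, 0x200d, 0x2060, 0xfeff]);

function isPua(cp) {
  return PUA_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Returns findings as { line, column, codePoint, kind }, 1-based positions.
function findInvisibleChars(source) {
  const findings = [];
  let line = 1;
  let column = 0;
  for (const ch of source) {              // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    if (ch === '\n') { line++; column = 0; continue; }
    column++;
    if (isPua(cp)) {
      findings.push({ line, column, codePoint: cp, kind: 'pua' });
    } else if (ZERO_WIDTH.has(cp)) {
      findings.push({ line, column, codePoint: cp, kind: 'zero-width' });
    }
  }
  return findings;
}

// Dynamic code sinks that turn a decoded string into executable code.
const DYNAMIC_SINKS = /\b(eval|Function)\s*\(/;

// Severity: hidden characters alone are suspicious; hidden characters plus a
// dynamic sink in the same file match the pattern described in the advisory.
function assessSource(source) {
  const findings = findInvisibleChars(source);
  const hasSink = DYNAMIC_SINKS.test(source);
  let severity = 'clean';
  if (findings.length > 0) severity = hasSink ? 'high' : 'medium';
  return { severity, hiddenChars: findings.length, hasDynamicSink: hasSink, findings };
}

function formatReport(path, result) {
  const lines = [`${path}: ${result.severity} (${result.hiddenChars} hidden chars, sink=${result.hasDynamicSink})`];
  for (const f of result.findings) {
    lines.push(`  ${f.line}:${f.column} U+${f.codePoint.toString(16).toUpperCase().padStart(4, '0')} ${f.kind}`);
  }
  return lines.join('\n');
}

// Constructed samples: the first has a literal that renders as '' but holds
// three PUA code points and is fed to eval(); the second is genuinely empty.
const SAMPLE_SUSPICIOUS =
  "const s = '" + String.fromCodePoint(0xe000, 0xe001, 0xf0001) + "';\n" +
  "eval(decode(s));\n";
const SAMPLE_BENIGN = "const s = '';\nconsole.log(s);\n";

console.log(formatReport('suspicious.js', assessSource(SAMPLE_SUSPICIOUS)));
console.log(formatReport('benign.js', assessSource(SAMPLE_BENIGN)));
```

Running the scanner over a package's files before install (for example as a pre-install hook or in CI) turns the "invisible" property of the payload into a cheap byte-level signal; a medium finding alone is worth a look, since legitimate source almost never needs PUA code points inside string literals.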
Affected versions: 4.7.2, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4