Skip to content
Tech News
← Back to articles

Supply-chain attack using invisible code hits GitHub and other repositories

2026-03-13 | original
read original get GitHub Security Monitoring Tool → more articles
Why This Matters

The recent supply-chain attack exploiting invisible code techniques highlights a growing sophistication in malicious package distribution, making traditional detection methods ineffective. This poses significant risks to developers and consumers by increasing the likelihood of compromised software and security breaches. The attack underscores the urgent need for enhanced detection tools and stricter security practices in software supply chains.

Key Takeaways

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to detect such threats.

The researchers, from firm Aikido Security, said Friday that they found 151 malicious packages that were uploaded to GitHub from March 3 to March 9. Such supply-chain attacks have been common for nearly a decade. They usually work by uploading malicious packages with code and names that closely resemble those of widely used code libraries, with the objective of tricking developers into mistakenly incorporating the former into their software. In some cases, these malicious packages are downloaded thousands of times.

Defenses see nothing. Decoders see executable code

The packages Aikido found this month have adopted a newer technique: selective use of code that isn’t visible when loaded into virtually all editors, terminals, and code review interfaces. While most of the code appears in normal, readable form, malicious functions and payloads—the usual telltale signs of malice—are rendered in unicode characters that are invisible to the human eye. The tactic, which Aikido said it first spotted last year, makes manual code reviews and other traditional defenses nearly useless. Other repositories hit in these attacks include NPM and Open VSX.

The malicious packages are even harder to detect because of the high quality of their visible portions.

“The malicious injections don’t arrive in obviously suspicious commits,” Aikido researchers wrote. “The surrounding changes are realistic: documentation tweaks, version bumps, small refactors, and bug fixes that are stylistically consistent with each target project.”

The researchers suspect that Glassworm—the name they assigned to the attack group—is using LLMs to generate these convincingly legitimate-appearing packages. “At the scale we’re now seeing, manual crafting of 151+ bespoke code changes across different codebases simply isn’t feasible,” they explained. Fellow security firm Koi, which has also been tracking the same group, said it, too, suspects the group is using AI.

Explore topics: github npm aikido security open vsx supply-chain attack
Related:
The wild six weeks for NanoClaw's creator that led to a deal with Docker
The wild six weeks for NanoClaw’s creator that led to a deal with Docker
Vite 8.0 Is Out
Show HN: Rudel – Claude Code Session Analytics
We found out what the AYANEO Pocket DS is actually doing with all your data

© 2026 GoKawiil

About | Editorial Policy | Contact