{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/unicode-encoding/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["supply-chain","credential-theft","unicode-encoding"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe GlassWorm campaign, active since October 2025, targets software supply chains through malicious code concealed using Unicode variation selectors. Variation selectors are non-printing combining characters, so the payload is virtually invisible in standard editors, diffs, and code review. The attackers rotate extension IDs, npm package names, wallet addresses, and C2 infrastructure across multiple waves. A decoder component extracts the hidden bytes and executes them via \u003ccode\u003eeval()\u003c/code\u003e or \u003ccode\u003eFunction()\u003c/code\u003e. The malware then queries a Solana wallet over RPC to retrieve its current C2 URLs and proceeds to steal sensitive information, including \u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.git-credentials\u003c/code\u003e, SSH private keys (\u003ccode\u003eid_rsa\u003c/code\u003e, \u003ccode\u003eid_ed25519\u003c/code\u003e), and token environment variables such as \u003ccode\u003eNPM_TOKEN\u003c/code\u003e, \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e, and \u003ccode\u003eOPEN_VSX_TOKEN\u003c/code\u003e. Wave 5, observed in March 2026, compromised over 150 GitHub repositories, 72 Open VSX extensions, and 4 npm packages. 
Defenders relying solely on IOC-based detections may struggle to keep pace with the rapid evolution of this threat.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eMalicious code is injected into a software supply chain component (VS Code extension, npm package, etc.).\u003c/li\u003e\n\u003cli\u003eEach payload byte is encoded as a Unicode variation selector (U+FE00 to U+FE0F, or U+E0100 to U+E01EF), so the payload sits in a string literal yet renders as nothing.\u003c/li\u003e\n\u003cli\u003eThe victim installs or incorporates the compromised component into their development environment.\u003c/li\u003e\n\u003cli\u003eA decoder routine within the payload reads each selector with \u003ccode\u003ecodePointAt()\u003c/code\u003e and subtracts \u003ccode\u003e0xFE00\u003c/code\u003e or \u003ccode\u003e0xE0100\u003c/code\u003e to reconstruct the original payload bytes.\u003c/li\u003e\n\u003cli\u003eThe decoded payload is executed as JavaScript using \u003ccode\u003eeval()\u003c/code\u003e or \u003ccode\u003eFunction()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe executed code queries a Solana wallet using RPC methods (\u003ccode\u003egetTransaction\u003c/code\u003e, \u003ccode\u003egetSignaturesForAddress\u003c/code\u003e) to retrieve the current C2 URLs.\u003c/li\u003e\n\u003cli\u003eThe malware targets files such as \u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.git-credentials\u003c/code\u003e, \u003ccode\u003eid_rsa\u003c/code\u003e, and \u003ccode\u003eid_ed25519\u003c/code\u003e for credential theft.\u003c/li\u003e\n\u003cli\u003eStolen credentials and token environment variables (\u003ccode\u003eNPM_TOKEN\u003c/code\u003e, \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e, \u003ccode\u003eOPEN_VSX_TOKEN\u003c/code\u003e) are exfiltrated to the C2 server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe GlassWorm campaign has compromised over 150 GitHub repositories, 72 Open VSX extensions, and 4 npm packages in Wave 5 alone. 
Successful attacks yield credentials that grant attackers access to code repositories, package registry accounts, and other critical infrastructure. Because a stolen \u003ccode\u003eNPM_TOKEN\u003c/code\u003e or \u003ccode\u003eOPEN_VSX_TOKEN\u003c/code\u003e allows publishing under the victim's identity, this in turn enables further supply chain attacks, as well as intellectual property theft.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement the Unicode payload detection rule to identify suspicious densities of Unicode variation selector clusters in source code; a single U+FE0F following an emoji is legitimate, whereas long runs of selectors inside a string literal are not (see \u0026ldquo;Unicode Payload Detection\u0026rdquo; rule below).\u003c/li\u003e\n\u003cli\u003eDeploy the decoder detection rule to flag code that calls \u003ccode\u003ecodePointAt()\u003c/code\u003e and subtracts \u003ccode\u003e0xFE00\u003c/code\u003e or \u003ccode\u003e0xE0100\u003c/code\u003e (match the decimal forms 65024 and 917760 as well) before passing the result to \u003ccode\u003eeval()\u003c/code\u003e or \u003ccode\u003eFunction()\u003c/code\u003e (see \u0026ldquo;GlassWorm Decoder Detection\u0026rdquo; rule below).\u003c/li\u003e\n\u003cli\u003eMonitor for network connections from applications with no blockchain function (developer tooling, CI runners) to Solana RPC endpoints using \u003ccode\u003egetTransaction\u003c/code\u003e or \u003ccode\u003egetSignaturesForAddress\u003c/code\u003e, as described in the overview, to identify potential C2 resolution.\u003c/li\u003e\n\u003cli\u003eImplement access controls and monitoring for sensitive files like \u003ccode\u003e.npmrc\u003c/code\u003e, \u003ccode\u003e.git-credentials\u003c/code\u003e, and SSH private keys as described in the overview, and rotate \u003ccode\u003eNPM_TOKEN\u003c/code\u003e, \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e, and \u003ccode\u003eOPEN_VSX_TOKEN\u003c/code\u003e on any host where a compromised component was installed.\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003eglassworm-hunter\u003c/code\u003e tool linked in the references section to scan VS Code extensions, node_modules, pip site-packages, and git repos.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T14:30:00Z","date_published":"2026-03-24T14:30:00Z","id":"/briefs/2026-03-glassworm-supply-chain/","summary":"The GlassWorm campaign employs Unicode variation selectors to conceal malicious code within supply chain artifacts, subsequently 
querying a Solana wallet for C2 URLs and exfiltrating sensitive credentials.","title":"GlassWorm Supply Chain Attack Using Unicode Encoding and Credential Theft","url":"https://feed.craftedsignal.io/briefs/2026-03-glassworm-supply-chain/"}],"language":"en","title":"CraftedSignal Threat Feed — Unicode-Encoding","version":"https://jsonfeed.org/version/1.1"}
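The attack-chain steps in the brief above (variation-selector encoding, a codePointAt() decoder, eval()/Function() execution) and its first two recommended detection rules, as an added JavaScript example that is not part of the CraftedSignal brief, of GlassWorm's code, or of the glassworm-hunter tool. The byte-to-selector mapping it uses (0x00 to 0x0F onto U+FE00.., 0x10 to 0xFF onto U+E0100..) is the commonly documented smuggling scheme and is an assumption here; the brief names only the two base constants. The scanned source is a constructed sample carrying a benign stand-in payload, and nothing decoded is ever executed.

```javascript
// Added example (not GlassWorm's code, not from the brief or glassworm-hunter):
// scan JavaScript source for (a) long runs of Unicode variation selectors that
// smuggle bytes and (b) the codePointAt()/0xFE00/0xE0100 + eval/Function decoder shape.

// Unicode variation selector blocks: VS1-VS16 and VS17-VS256.
const VS_LOW_BASE = 0xfe00;   // U+FE00 .. U+FE0F
const VS_LOW_END = 0xfe0f;
const VS_HIGH_BASE = 0xe0100; // U+E0100 .. U+E01EF
const VS_HIGH_END = 0xe01ef;

function isVariationSelector(cp) {
  return (cp >= VS_LOW_BASE && cp <= VS_LOW_END) ||
         (cp >= VS_HIGH_BASE && cp <= VS_HIGH_END);
}

// ASSUMED mapping (the brief names only the two base constants): bytes 0x00-0x0F
// become U+FE00+b, bytes 0x10-0xFF become U+E0100+(b-0x10). Used here only to
// build the constructed sample below.
function encodeBytes(bytes) {
  let out = '';
  for (const b of bytes) {
    out += String.fromCodePoint(b < 16 ? VS_LOW_BASE + b : VS_HIGH_BASE + (b - 16));
  }
  return out;
}

// Inverse of the assumed mapping: recover smuggled bytes from a run of selectors.
function decodeSelectors(codePoints) {
  return Uint8Array.from(codePoints, (cp) =>
    cp <= VS_LOW_END ? cp - VS_LOW_BASE : cp - VS_HIGH_BASE + 16);
}

// Rule 1: runs of >= minRun consecutive variation selectors. A single U+FE0F after
// an emoji is legitimate, so isolated selectors are ignored; a run of dozens inside
// a string literal has no rendering purpose and is reported with its decoded bytes.
function findSelectorRuns(source, minRun = 16) {
  const cps = Array.from(source, (ch) => ch.codePointAt(0)); // iterates by code point
  const runs = [];
  let i = 0;
  while (i < cps.length) {
    if (!isVariationSelector(cps[i])) { i++; continue; }
    let j = i;
    while (j < cps.length && isVariationSelector(cps[j])) j++;
    if (j - i >= minRun) {
      runs.push({ offset: i, length: j - i, bytes: decodeSelectors(cps.slice(i, j)) });
    }
    i = j;
  }
  return runs;
}

// Rule 2: decoder shape. Hex and decimal forms of the base constants are both
// matched (0xFE00 == 65024, 0xE0100 == 917760) so a trivial rewrite does not evade.
// All three indicators must co-occur to keep false positives down.
const DECODER_INDICATORS = {
  codePointAt: /\.codePointAt\s*\(/,
  selectorConstant: /0x0*fe00\b|0x0*e0100\b|\b65024\b|\b917760\b/i,
  dynamicEval: /\beval\s*\(|\bFunction\s*\(/,
};

function decoderIndicators(source) {
  const names = Object.keys(DECODER_INDICATORS);
  const hits = names.filter((name) => DECODER_INDICATORS[name].test(source));
  return { hits, suspicious: hits.length === names.length };
}

function scanSource(source, minRun = 16) {
  const runs = findSelectorRuns(source, minRun);
  const decoder = decoderIndicators(source);
  return { runs, decoder, suspicious: runs.length > 0 || decoder.suspicious };
}

// Constructed sample: a benign stand-in payload hidden in a string literal, plus a
// decoder loop of the shape the brief describes. This text is only scanned, never run.
const HIDDEN_TEXT = 'console.log("hidden payload")';
const SAMPLE_SOURCE = [
  '// constructed sample, not a real GlassWorm artifact',
  `const marker = "x${encodeBytes(new TextEncoder().encode(HIDDEN_TEXT))}";`,
  'const out = [];',
  'for (const ch of marker.slice(1)) {',
  '  const cp = ch.codePointAt(0);',
  '  out.push(cp >= 0xE0100 ? cp - 0xE0100 + 16 : cp - 0xFE00);',
  '}',
  'Function(String.fromCharCode(...out))();',
].join('\n');

const result = scanSource(SAMPLE_SOURCE);
for (const run of result.runs) {
  console.log(`selector run at cp#${run.offset}, ${run.length} bytes ->`,
    JSON.stringify(new TextDecoder().decode(run.bytes)));
}
console.log('decoder indicators:', result.decoder.hits.join(', '));
console.log('verdict:', result.suspicious ? 'SUSPICIOUS' : 'clean');
```

Run it with node. The minRun threshold is the tuning knob: an emoji followed by one U+FE0F is ignored, while any run long enough to carry a payload is reported together with its decoded bytes for triage. The decoder rule deliberately requires all three indicators at once, since codePointAt() and eval() each appear in plenty of legitimate code on their own.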