Invisible Code Supply-Chain Attack Hits GitHub Repositories

Summary
– Researchers discovered a supply-chain attack involving 151 malicious packages uploaded to GitHub in March 2026.
– These attacks typically trick developers by uploading malicious packages that closely resemble legitimate, widely used code libraries.
– The new technique uses invisible Unicode characters to hide malicious functions, making them undetectable in most editors and code reviews.
– This invisible code tactic bypasses traditional defenses like manual code reviews, which cannot see the hidden payloads.
– The attack has also affected other repositories, including NPM and Open VSX, building on a method first observed the previous year.
A recent wave of sophisticated supply-chain attacks has compromised numerous GitHub repositories by embedding malicious code that remains invisible to standard developer tools and human reviewers. This stealthy approach effectively bypasses conventional security measures designed to spot suspicious packages, posing a significant new threat to software development ecosystems. Security researchers have identified over 150 such packages uploaded in a single week, highlighting the growing scale and ingenuity of these campaigns.
These attacks are not a new phenomenon; for nearly a decade, threat actors have polluted code repositories with packages that mimic the names and appearances of legitimate, widely used libraries. The goal is to trick developers into accidentally including these malicious dependencies in their projects, potentially leading to thousands of unintended downloads. The traditional defense has relied on manual code reviews and automated scanners looking for known malicious signatures within the visible code.
The latest iteration of this threat employs a clever evasion technique: using Unicode characters that are rendered as invisible text. When a developer opens one of these compromised packages in a standard code editor, terminal, or review interface, the harmful functions and payloads simply do not appear on screen. While the bulk of the code looks normal and readable, the dangerous components are hidden in plain sight, encoded in a way that is undetectable to the human eye. This makes manual inspection virtually useless and allows the malicious code to execute once the package is run.
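The invisibility described above is a rendering problem, not a byte-level one: the characters are still present in the file, so a pre-commit or CI check can flag them. The scanner below is an added example written for this article, not code from Aikido Security or any package discussed here; the JavaScript sample it scans is constructed, and the specific code points it treats as invisible are a reasonable but non-exhaustive list.

```python
import unicodedata

# Code points that render as blank in most editors but survive in source files
# and string literals. Category "Cf" (format) covers zero-width spaces and
# joiners, bidi overrides, the soft hyphen and the Tags block (U+E0001,
# U+E0020..U+E007F). Variation selectors are category "Mn" yet equally
# invisible, so they and a few blank-looking letters are listed by range.
INVISIBLE_RANGES = (
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0x2800, 0x2800),    # braille pattern blank
    (0x3164, 0x3164),    # hangul filler
    (0x115F, 0x1160),    # hangul choseong/jungseong fillers
)

def is_invisible(ch: str) -> bool:
    """True for format characters and other code points that render blank."""
    if unicodedata.category(ch) == "Cf":
        return True
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)

def find_invisible(text: str) -> list[dict]:
    """Locate invisible code points; consecutive ones are merged into one
    finding so a smuggled run is reported once, with its length and
    code points, rather than as hundreds of separate hits."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        run_start = None
        for col, ch in enumerate(line + "\n"):  # "\n" is Cc: ends a trailing run
            if is_invisible(ch):
                run_start = col if run_start is None else run_start
                continue
            if run_start is not None:
                run = line[run_start:col]
                findings.append({"line": lineno, "col": run_start + 1,
                                 "length": len(run),
                                 "codepoints": [f"U+{ord(c):04X}" for c in run],
                                 "name": unicodedata.name(run[0], "<unnamed>")})
                run_start = None
    return findings

def decode_tags(run: str) -> str:
    """Reveal ASCII carried by a Tags-block run (U+E0020..U+E007E maps onto
    U+0020..U+007E); anything else in the run is shown as '?'."""
    return "".join(chr(ord(c) - 0xE0000) if 0xE0020 <= ord(c) <= 0xE007E else "?"
                   for c in run)

# Constructed sample: a zero-width space splits an identifier, a bidi override
# sits in a comment, and a Tags-block run follows a harmless-looking string.
SAMPLE_JS = ("const config = loadConfig();\n"
             "const ho\u200bst = 'api.example.test';\n"
             "/* \u202eno-op */\n"
             "const note = 'ok\U000E0074\U000E0061\U000E0067';\n")

if __name__ == "__main__":
    for f in find_invisible(SAMPLE_JS):
        print(f"{f['line']}:{f['col']} len={f['length']} {f['name']} {f['codepoints']}")
```

Run it over each file in a pull request and fail the check on any finding; legitimate uses of these characters in source code are rare enough that an allowlist per file is a workable exception path.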
Security firm Aikido Security, which first observed this method last year in a different campaign, reported discovering the 151 malicious GitHub packages in early March. The attackers have also targeted other major repositories, including NPM and Open VSX, indicating a broad and coordinated effort. By exploiting this visibility gap, they have created a potent new vector for infiltrating software supply chains, leaving many traditional defenses blind to the actual threat lurking within the code.
(Source: Ars Technica)