"The code points represent every letter of the US alphabet when fed to computers, but their output is completely invisible to humans. People reviewing code or using static analysis tools see only whitespace or blank lines. To a JavaScript interpreter, the code points translate into executable code."
"The backtick string passed to s() looks empty in every viewer, but it's packed with invisible characters that, once decoded, produce a full malicious payload. In past incidents, that decoded payload fetched and executed a second-stage script using Solana as a delivery channel, capable of stealing tokens, credentials, and secrets."
"While the text was invisible to humans and text scanners, LLMs had little trouble reading them and following the malicious instructions they conveyed. AI engines have since devised guardrails that are designed to restrict usage of the characters, but such defenses are periodically overridden."
Invisible Unicode code points from Public Use Areas in the Unicode specification can represent executable code while appearing as blank space to human reviewers and static analysis tools. Originally devised decades ago, this technique was repurposed in 2024 by attackers to conceal malicious prompts targeting AI engines. Large language models easily read and executed these hidden instructions despite human invisibility. The technique has since expanded to traditional malware attacks, where invisible characters encode payloads that decode during JavaScript runtime and execute via eval() functions. Researchers discovered 151 malicious packages using this method across GitHub, npm, and VS Code marketplace, with payloads capable of stealing tokens, credentials, and secrets through secondary scripts.
#unicode-steganography #malware-obfuscation #ai-security-threats #supply-chain-attacks #javascript-exploitation
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]