Detecting Invisible Code: A 30-Line Scanner for Unicode Steganography

Steganography is older than computers. Invisible ink, microdots, messages carved under wax tablets — humans have been hiding data in plain sight for millennia. What's new is that your package manager will run it for you. There's a class of malware that hides executable payloads in characters you literally cannot see. Not obfuscated. Not minified. Invisible. The code is there — your editor just doesn't render it. How It Works Unicode has hundreds of characters that take up zero visual space: zero-width spaces (U+200B), zero-width joiners (U+200D), variation selectors (U+FE00-FE0F), and others. Normally harmless. But string them together in a specific pattern and you can encode arbitrary binary data. The attack: Attacker publishes an npm package (or any repo) with what looks like normal code Buried in a string literal is a long sequence of invisible Unicode characters A small decoder function maps those characters back to executable JavaScript eval() runs it Your editor shows a normal-lo

Detecting Invisible Code: A 30-Line Scanner for Unicode Steganography

Related Articles

Amazon just bought a startup making kid-size humanoid robots

The Fragile Thread

Accel, Prosus pick six ‘off-the-map’ startups for inaugural India cohort

Quantum Supremacy vs. Quantum Advantage: State of The Union

Instagram and Facebook are about to be filled with affiliate content

Related Articles

News
Amazon just bought a startup making kid-size humanoid robots
TechCrunch • 53m ago

News
The Fragile Thread
Medium Programming • 1h ago

News
Accel, Prosus pick six ‘off-the-map’ startups for inaugural India cohort
TechCrunch • 2h ago

News
Quantum Supremacy vs. Quantum Advantage: State of The Union
Medium Programming • 2h ago

News
Instagram and Facebook are about to be filled with affiliate content
The Verge • 2h ago