Invisible Characters
ID | invisible_chars |
Severity | low |
Resource | System |
Tags | backdoor, trojan |
Description
This detector looks for invisible characters in source code that could indicate source obfuscation or a supply chain attack.
Rationale
Unicode invisible characters have been proven to be potentially dangerous in many ways.
When they are used deliberately, they increase code complexity, since they may be hidden in the IDE under certain configurations.
However, the real problem arises when they are introduced to create a potential backdoor
that under certain circumstances could be used to achieve arbitrary code execution.
Unicode is aware of this problem and is forming a task force to investigate issues with source code spoofing.
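The kind of check described above can be sketched as follows. This is an added example, not the detector's own implementation: the character sets, the finding labels and the names `classify` and `scan_source` are assumptions chosen for illustration, and the sample input is constructed.

```python
import unicodedata

# Letters that render blank yet are valid in identifiers (category Lo, so "Cf" misses them).
BLANK_LETTERS = {0x115F, 0x1160, 0x3164, 0xFFA0}
# Bidirectional controls: these change the order in which text is displayed.
BIDI_CONTROLS = (set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
                 | {0x200E, 0x200F, 0x061C})


def classify(ch):
    """Return a finding kind for an invisible character, or None for ordinary text."""
    cp = ord(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"
    if cp in BLANK_LETTERS:
        return "blank-identifier-char"
    if unicodedata.category(ch) == "Cf":  # zero-width space/joiner, soft hyphen, ...
        return "format-char"
    return None


def scan_source(text):
    """Return (line, column, 'U+XXXX', name, kind) for each invisible character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if lineno == 1 and col == 1 and ch == "\ufeff":
                continue  # a leading byte order mark is legitimate
            kind = classify(ch)
            if kind:
                name = unicodedata.name(ch, "<unnamed>")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name, kind))
    return findings


# Constructed sample: three lines that look ordinary in most editors.
SAMPLE = (
    "let total = 0;\n"
    "let to\u3164tal = 1;\n"              # blank letter inside an identifier
    "if (role == 'user\u200b') {}\n"      # zero-width space inside a string literal
    "/* note \u202e text \u2066 */\n"     # bidi controls inside a comment
)

if __name__ == "__main__":
    for line, col, cp, name, kind in scan_source(SAMPLE):
        print(f"{line}:{col} {cp} {name} [{kind}]")
```

Findings carry the code point and its Unicode name so that a reviewer can see what the editor does not display.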
Related Malware campaigns
These are some popular campaigns using this technique:
- Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. It has been used since at least 2013 to target the government, financial, automotive, and media industries.