reworm - isotope¹³

Incident Summary

Glassworm Unicode Attack on reworm repo

The Glassworm threat actor compromised the pedronauck/reworm GitHub repository and blended malicious code into realistic-looking commits. Invisible PUA Unicode characters hid the payload from casual review, making the repository appear ordinary while its source carried credential-stealing logic beneath the text.

Date: 2026-03-03 to 2026-03-09
Category: Open Source
Target Surface: Revision control
Insertion Phase: source
Impact: Credential theft
Cause: Compromised Account/Credentials

What Was Affected

Package reworm

LanguageJavaScript

ComponentLibrary

Artifact typerevision control system

Domain typecode host

Domain github.com

Repository github.com/pedronauck/reworm

Incident Context

Motive: Credential Theft
Attribution: Third Party
Transitive: No
User Impact: 1460
Observed Duration: 6 days

External References

aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

Source Data

Source record: oss/reworm/meta.yaml