Similar to the Shai Hulud attack, but with more sofisticated C2 (blockchain, Google Calendar). It also uses Unicode characters to hide source code in IDEs, harvests ecosystem credentials to infect and publish new versions of packages you have access to, and more.
Previously submitted at https://news.ycombinator.com/item?id=45647853
How is the invisible code done? Writing Unicode variant selectors VS1–VS256 and then letting them get interpreted as normal Unicode chars? I do not come to it how it is not visible and selectable but still gets executed like normal...