Скачать или смотреть Insane malware hidden with invisible Unicode and Google Calendar invites!

In this video, we uncover one of the most bizarre and sophisticated supply chain attacks we’ve seen so far — involving Unicode PUA characters, base64 obfuscation, and Google Calendar invites as malware delivery vehicles. 🕵️‍♂️

🔍 What we found:

An NPM package called os-info-checker-es6 hiding malicious logic behind invisible characters.
Use of eval(atob(...)) patterns to silently execute obfuscated code.
Malware delivered through a Google Calendar link embedded in a fake package update.
A payload delivery chain that uses base64 strings encoded inside calendar event titles to fetch malicious domains.

⚠️ What makes this even scarier? This package has dependents that look professional, giving the attack a supply chain infection vector. The attackers seem to be preparing for a large-scale deployment... but we caught them in the act.
Indicators of Compromise (IOCs), technical deep dive, and decoded examples are all covered in this video.

🛡️ Stay safe, stay vigilant—and don’t trust every NPM package!

Read more about it on our blog https://www.aikido.dev/blog/youre-inv...

#Malware #SupplyChainAttack #InfoSec #JavaScript #NodeJS #NPM #Obfuscation #CyberSecurity #GoogleCalendarExploit