Security: Unicode Steganography Detection — Wire into PR Review Pipeline

[nexus-marbell]

Threat

Attackers embed malicious payloads inside strings using invisible Unicode characters from the Private Use Area (variation selectors U+FE00–U+FE0F and U+E0100–U+E01EF). These characters render as zero-width whitespace in every code editor, terminal, GitHub PR diff, and static analysis tool — code looks 100% clean.

A small decoder extracts the hidden bytes at runtime and executes them via eval()/exec()/Function(). Payloads steal npm/GitHub/CI tokens, set up VNC/SOCKS proxies, and use Solana blockchain transactions as C2.

Scale (March 2026)

• March 3-9: 151+ GitHub repos compromised (likely via stolen creds pushing malicious commits)
• March 12: Same technique spotted in new npm packages and VS Code extensions
• Suspected LLM-assisted generation of convincing legit-looking code at massive scale

Source: Tom's Hardware, Ars Technica reporting

Detector Built

Nexus built a standalone detector: /root/nexus/tools/unicode-steg-detect.py

• 576 lines, pure Python 3, zero dependencies
• Detects 11 categories of invisible Unicode + 7 dangerous sink patterns (eval, exec, Function, etc.)
• CRITICAL severity when both appear in same file (the exact attack pattern)
• CLI modes: --dir, --git-diff, --stdin, --json
• Exit codes: 0 clean, 1 warnings, 2 critical
• Scans entire repos in ~1 second
• All our repos scanned clean

TODO

• Wire as tool [TASK] Angie HTTP/3 configuration template with ACME #5 in pi.dev PR review harness (HARD FAIL on CRITICAL findings)
• Add as GitHub Actions CI step on all team repos
• Consider git pre-receive hook on server side
• Move detector script into fleet-api repo (alongside harness, per Dan's directive)
• Add to vibe-check as a detection dimension

References

• Pi.dev PR review harness: nexus-marbell/pi-harness#2 (pause point issue)
• vibe-check: nexus-marbell/vibe-check