Zero-width characters used as exploit code

[shay walters]

I don't personally use the tools described in this article, but it
sounds like something nearly as severe as the "xz" attack about a year
ago. The article isn't dated April 1st. It's partially behind a
paywall. I dunno... something seems wrong here. I haven't heard of
this anywhere else, but the article is about 3 weeks old, so I'm
wondering if it's really real.

https://canartuc.medium.com/every-line-looked-clean-the-malware-was-hiding-in-characters-no-editor-on-earth-can-render-763146b030eb

-Shay

[an li]

Shay,

This is real.  I don't think this affects as many packages as the XZ supply chain attack, but it is still an issue.  Low Level did a video that explains this issue and details some of the tactics, techniques, and procedures of the threat actors leveraging this vulnerability, diving specifically into C2(command and control). https://www.youtube.com/watch?v=ZrD9MC_BXGk 

--
You received this message because you are subscribed to the Google Groups "Upstate Carolina Linux Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uclug+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/uclug/CAKdjT5LGXnYjjLUh1gg3-cu%2BNhVqYu%2BiATGujf6__4S0A862Rw%40mail.gmail.com.

[Bill Jacqmein]

Zero Width attacks have been there.
https://isc.sans.edu/diary/31626

https://www.knostic.ai/blog/zero-width-unicode-characters-risks

https://stegzero.com/ - And some stegonography in this vien as well.

Along with a ton of tools (some AI driven) to prevent (or attempt prevention?).
https://cleanpaste.site/invisible-chars

https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/ - And
it has been used in prompt injection.

> To view this discussion visit https://groups.google.com/d/msgid/uclug/CAChfWCAE3w%2BT0bgi7vUt2ZqPYwmEUmNwo39EKpTpSuEkjf1dyA%40mail.gmail.com.