Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/InvisibleJS Tool Hides Executable ES Modules in Empty Files Using Zero-Width Steganography
CyberSecurity News

InvisibleJS Tool Hides Executable ES Modules in Empty Files Using Zero-Width Steganography

InvisibleJS, a new open-source tool designed to conceal JavaScript code using invisible zero-width Unicode characters, is raising alarms about its potential for misuse in malware campaigns....

Sarah simpson
Sarah simpson
January 12, 2026 2 Min Read
32 0

InvisibleJS, a new open-source tool designed to conceal JavaScript code using invisible zero-width Unicode characters, is raising alarms about its potential for misuse in malware campaigns.

InvisibleJS, hosted on GitHub by developer With alias oscarmine, employs steganography to embed source code into seemingly blank files. The process converts JavaScript into binary strings, mapping 0s to Zero Width Space (U+200B) and 1s to Zero Width Non-Joiner (U+200C).

A small bootstrap loader then decodes and runs the hidden payload at runtime, making the code invisible to the naked eye in editors like VS Code.

Two Versions for Different Environments

The repository offers Version 1 (Classic with eval), ideal for CommonJS and legacy Node.js setups, supporting require and module.exports natively.

Version 2 (Modern with import) targets ES Modules, using dynamic await import() for top-level await and exports, though it requires .mjs files or “type”: module configuration.

Hiding code is straightforward via CLI:

  • Version 1: node hideV1.mjs -i input.js -o hidden.js
  • Version 2: node hideV2.mjs -i input.js -o hidden.js

Execution follows with node hidden.js, producing normal output despite the blank appearance.

Feature Version 1 (eval) Version 2 (import)
Invisibility 100% 100%
CommonJS Support Native Limited
ESM Support No Full
Top-Level Await No Yes
Execution Synchronous Asynchronous
Decoder Length Short Long

This technique echoes prior zero-width JS proofs-of-concept dating back to 2018, now weaponized in phishing attacks. Attackers have abused similar Unicode obfuscation using Hangul characters for binary to hide payloads in scripts, evading scanners with anti-debug checks.

InvisibleJS could amplify such threats, enabling stealthy malware loaders in Node.js environments or web apps, complicating threat detection.

As obfuscation tools proliferate, security teams must enhance Unicode-aware scanning and behavioral analysis. While pitched experimentally, InvisibleJS underscores the dual-use nature of coding innovations in cybersecurity.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityMalwarephishingSecurityThreat

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Threat actors Allegedly Claim Discord Dataset Containing 78,541,207 Files

Next Post

Hackers Infiltrated n8n’s Community Node Ecosystem With a Weaponized npm Package

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us