TH16102
Detected presence of files containing bidirectional Unicode control characters.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | low | high | None | None |
About the issueโ
Unicode is a text encoding standard designed to support the use of text written in all of the major languages and writing systems. While most languages are written from left to right, some are written in alternative directions. To accommodate encoding text written in such languages, the Unicode standard includes a number of special characters that allow the text direction to be specified. However, changing text direction can have adverse effects on how the encoded text is displayed and interpreted. For this reason, bidirectional Unicode control characters are commonly abused by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of special Unicode characters does not imply malicious intent, all of its uses in a software package should be documented and approved. One example of acceptable use for these special characters is in script files that parse, validate, and transform Unicode-encoded text.
How to resolve the issueโ
- Investigate reported detections as indicators of software tampering.
- Consult Mitre ATT&CK documentation: T1036.002 - Masquerading: Right-to-Left Override.
- Consult publicly available materials on the Trojan Source vulnerability.
Recommended readingโ
- T1036.002 - Masquerading: Right-to-Left Override (External resource - Mitre ATT&CK documentation)
- Bidirectional text (External resource - Wikipedia)