Cybersecurity researchers have discovered a set of 10
malicious npm packages that are designed to deliver an information
stealer targeting Windows, Linux, and macOS systems. "The malware
uses four layers of obfuscation to hide its payload, displays a
fake CAPTCHA to appear legitimate, fingerprints victims by IP
address, and downloads a 24MB PyInstaller-packaged information
stealer that harvests
Read more https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html
