Bleeping Computer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...
TechRadar

Those Roblox npm downloads could be infected with malware

Cybersecurity researchers have once again found (and eradicated) malicious npm packages, this time delivering ransomware and password-stealing trojans on unsuspecting users. Pretending to be Roblox ...