Malicious npm and VS Code Packages Exploiting Developers and Stealing Data
Originally Published 7 months ago — by The Hacker News
Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.