Bleeping Computer

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...
ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
CSOonline

North Korean cyberspies trick developers into installing malware with fake job interviews

Once accepted, the attackers tell developers to download a Node.js project as part of a practical test. The trojanized project on launch deploys a RAT and infostealer malware targeting all major OS ...