175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

A new set of 175 malicious packages on the npm registry have been used to facilitate credential harvesting attacks. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea.