10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Researchers have discovered a set of 10 malicious packages that are designed to deliver an information stealer. The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, and fingerprints victims by IP address.