Open-Source Infostealer RAT Hidden in Malicious NPM Packages

ICYMI: TurkoRat Capable of Credential Harvesting, Possesses Features Like Wallet Grabber
Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source infostealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.
http://dlvr.it/SpP2LS