Post content
🚨 Three npm pkgs posing as bitcoinjs tools found spreading NodeCordRAT. Postinstall scripts chained a 2nd pkg to drop the payload, steal Chrome creds, API tokens, and crypto wallet seed phrases, and run commands via Discord C2 on Win/Linux/macOS. 🔗 Details → https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html