TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
The Hacker News avatar

TGINSIGHT POST

Post #8173

@thehackernews

The Hacker News

Views8,940Post view count
PostedJan 801/08/2026, 10:35 AM
Post content

Post content

🚨 Three npm pkgs posing as bitcoinjs tools found spreading NodeCordRAT. Postinstall scripts chained a 2nd pkg to drop the payload, steal Chrome creds, API tokens, and crypto wallet seed phrases, and run commands via Discord C2 on Win/Linux/macOS. 🔗 Details → https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html