Post #8666

@thehackernews

The Hacker News

Views9,310Post view count

PostedMar 2403/24/2026, 05:52 PM

Post content

🚨 Attackers are abusing npm and GitHub to deliver malware disguised as dev tools. Sudo password phishing during install triggers a multi-stage chain that deploys a RAT, stealing crypto wallets, credentials, SSH keys, and tokens. 🔗 Read → https://thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html