Researchers spotted four suspicious packages in the npm repository, which contained highly obfuscated malicious JS and Python code. Dubbed LofyLife, the campaign steals Discord tokens and payment card information. They are still monitoring updates to npm repositories to make sure all new malicious packages spreading these malware strains are detected and stopped.
Support the originator by clicking the read the rest link below.