Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

📅 18 May 2026 at 08:57 UTC📰 The Hacker NewsView original source ↗

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte)

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed