New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects. The packages were called ‘jdb’ and ‘db-json.js’ and have been removed by NPM. Each package was downloaded about a hundred times each, but Sonatype’s Ax Sharma told BleepingComputer that they believe they caught them before they could be put to full use.
Source: https://www.bleepingcomputer.com/news/microsoft/malicious-npm-packages-used-to-install-njrat-remote-access-trojan/