Malicious packages disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines. The malicious packages are dubbed okhsa (cataloged as Sonatype-2021-1473) and klow and klown (cataloged as Sonatype-2020-1472). The researchers attributed the ownership of the malicious packages to an author whose account is currently deactivated, the report notes. The NotPetya and SolarWinds Orion attacks are not limited to commercial software updates.
Source: https://www.cuinfosecurity.com/malicious-packages-disguised-as-javascript-libraries-found-a-17782