Researchers at ReversingLabs have disclosed their findings on two malicious npm packages that secretly steal passwords from your Chrome web browser. The packages have been on the npm registry since 2018 and had over 2,000 total downloads at the time of writing. The malware targets Windows machines to steal user credentials and also sets up a persistent remote backdoor that lets the attacker conduct surveillance. npm has removed the package in accordance with GitHub’s acceptable use policy regarding malware, as outlined in its Open-Source Terms.
Source: https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-passwords-on-windows-via-recovery-tool/

