Malicious npm Packages Flood Registry in Supply Chain Attack

Cyber Security News by CyberSum.net
Threat actors have continued to flood the npm registry with 197 more malicious packages since last month. These packages, designed to deliver a variant of OtterCookie, have been downloaded over 31,000 times. The malware evades sandboxes, profiles the machine, and establishes a command-and-control channel to steal sensitive data. The campaign, known as Contagious Interview, targets blockchain and Web3 developers through fake job interviews and test assignments.