This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things to the malicious “fallguys” npm package discovered in September (those were stealing web browser files and Discord gaming IMs).
Article Link: https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-