A new malicious package, noblox.js-rpc was spotted on the npm registry this month that leverages the same techniques we saw before to steal all sorts of sensitive data like credentials, files, and even the windows registration key and finally install ransomware. The package is being tracked under the identifier, sonatype-2021-1526 in Sonatype’s security data.
Article Link: Tracking the ‘Noblox.js’ npm Malware Campaign