BleepingComputer reports that three malicious NPM packages mimicking NodeJS libraries, which have accumulated more than 1,200 downloads during the past two months, have been distributing the TurkoRAT information-stealing malware.
Article Link: TurkoRAT malware lurking in NPM packages | SC Media