Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Category: hacker-news
Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems.