A new attack has hit Bitcoin and crypto developers, with ten npm packages unexpectedly updated on March 27, 2025, to include malicious code designed to harvest sensitive data from unsuspecting users.
This infostealer campaign, uncovered by Sonatype researcher Ali ElShakankiry, focuses on pilfering environment variables, which often hold critical information