Security · 9h ago
Malicious npm Packages Disguised as PostCSS Tools Drop Windows RAT
Researchers found three malicious npm packages posing as PostCSS tools that deliver a Windows remote access trojan. The packages—aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser—were downloaded 145, 256, and 615 times respectively. All were published over the past month by the same npm user.
Meridian48 take
The relatively low download counts suggest limited impact, but the attack highlights ongoing risks in the npm ecosystem where typosquatting and dependency confusion remain viable vectors.
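One way to check a project for the three package names listed in the summary, as an added example that is not taken from the original report. It scans a parsed `package-lock.json` (lockfile v1 nested `dependencies`, or v2/v3 `packages`), matches names exactly so that similarly named packages are not flagged, and resolves npm aliases to the real package name. The function names, the sample lockfile and its versions are constructed for illustration.

```javascript
// Added example: the names below are the three packages listed in the article.
const FLAGGED = new Set([
  "aes-decode-runner-pro",
  "postcss-minify-selector",
  "postcss-minify-selector-parser",
]);

// v2/v3 "packages" keys look like "node_modules/a/node_modules/@scope/b";
// an alias install records the real package name in entry.name.
function nameFromPath(key, entry) {
  if (entry && typeof entry.name === "string") return entry.name;
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? "" : key.slice(i + "node_modules/".length);
}

// Lockfile v1 nests "dependencies"; an alias shows up as version "npm:real@1.2.3".
function walkV1(deps, trail, hits) {
  for (const [key, entry] of Object.entries(deps || {})) {
    const m = /^npm:(.+)@[^@]*$/.exec(entry.version || "");
    const real = m ? m[1] : key;
    const where = trail.concat(key).join(" > ");
    if (FLAGGED.has(real)) hits.push({ name: real, version: entry.version, where });
    walkV1(entry.dependencies, trail.concat(key), hits);
  }
}

// lock: parsed package-lock.json. Returns one record per flagged install.
function findFlagged(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [key, entry] of Object.entries(lock.packages)) {
      const name = nameFromPath(key, entry);
      if (FLAGGED.has(name)) hits.push({ name, version: entry.version, where: key });
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout); versions are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/postcss-minify-selectors": { version: "0.0.0" }, // plural: different name, no match
  "node_modules/css-tool/node_modules/postcss-minify-selector": { version: "0.0.0" },
  "node_modules/min": { name: "postcss-minify-selector-parser", version: "0.0.0" }, // alias
} };
console.log(findFlagged(sampleLock));
```

To scan a real project, pass the result of `JSON.parse` on the lockfile's contents to `findFlagged`; a transitive hit is reported with the path that pulled it in.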
Read the full reporting
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT (The Hacker News)
Tags: npm, supply-chain-attack