Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Pulsar

Malicious NPM package hides Pulsar RAT inside PNG images using steganography and obfuscated dropper

Cybercrime, News, Research, Vulnerabilities

February 23, 2026

A malicious NPM package ‘buildrunner-dev’ downloads an obfuscated batch loader and hides encrypted payloads inside PNG images. Extraction recovered a .NET loader and a Pulsar RAT embedded via steganography.

About
Editorial Policy
Privacy
Contact