Windows RAT

Researchers found three malicious npm packages posing as PostCSS tools that delivered a Windows remote access trojan. The campaign used a multi-stage install chain to steal Chrome credentials, run commands and contact an external server.