Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool
![]()
source https://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html
source https://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html