Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
« Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers, » Sonatype researcher Ax Sharma said. « However, […] the latest