VERY IMPORTANT

A new malicious campaign involving seventeen npm packages has been identified, utilizing Pastebin and text steganography as a dead-drop resolver. The attackers employ a complex decoding mechanism to extract C2 URLs from seemingly benign text on Pastebin. The malware targets multiple platforms, including Windows, macOS, and Linux, downloading and executing platform-specific payloads. The infection chain involves multiple fallback domains hosted on Vercel, demonstrating a sophisticated approach to maintain persistence. This novel technique, along with other recent developments, indicates an accelerated pace of testing and development by the threat actor, suggesting continued iterations in their infection methodologies.