Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords
Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords
Wed Jun 24 2026
Malware
hackread.com
JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection setup route.