Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor
Source: Cybersecuritynews
Published:
<p>A malicious npm package called forge-jsxy has been quietly stealing cryptocurrency wallet keys, browser credentials, and sensitive developer data across Windows, macOS, and Linux systems. Published to the npm registry on May 4, 2026, it pushed out 22 versions in 22 days, making it one of the most