Cybersecuritynews
Malicious NPM Package Uses Steganography to Deliver .NET Malware
First seen 24 Feb 2026, 15:11 UTC
•
•78% similarity
•52.2
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A malicious NPM package named 'buildrunner-dev' has been discovered to hide .NET malware within PNG images using steganography, allowing it to evade antivirus detection. This attack targets software developers, leveraging a typosquatting technique to deceive users into downloading the harmful package. Upon installation, it executes a script that delivers a Remote Access Trojan to Windows systems.
ThreatCluster AI
Timeline
2026-02-01
Malicious package 'buildrunner-dev' discovered
2026-02-24
Cybersecurity articles published detailing the attack