Malicious NPM Package Uses Steganography to Deliver .NET Malware

Malicious NPM Package Uses Steganography to Deliver .NET Malware

First seen 24 Feb 2026, 15:11 UTC ScworldCybersecuritynews 78% similarity 52.2

Article Content

Browse articles
ThreatCluster

A malicious NPM package named 'buildrunner-dev' has been discovered to hide .NET malware within PNG images using steganography, allowing it to evade antivirus detection. This attack targets software developers, leveraging a typosquatting technique to deceive users into downloading the harmful package. Upon installation, it executes a script that delivers a Remote Access Trojan to Windows systems.

ThreatCluster AI

Timeline

2026-02-01
Malicious package 'buildrunner-dev' discovered
2026-02-24
Cybersecurity articles published detailing the attack

Community

Browse all →