Malicious npm Packages Deliver Windows RAT via PostCSS Impersonation

A malicious npm package named postcss-minify-selector-parser has been discovered, masquerading as a legitimate PostCSS utility. This package is delivering a multi-stage Windows remote access trojan (RAT). It mimics the widely used postcss-selector-parser library, which has over 150 million weekly downloads, by reusing similar keywords. The attack targets developers using npm, potentially compromising their systems. The malicious package exploits the trust placed in popular libraries, leading to significant risks for users. Current reports indicate that the package has been identified and flagged, but the full extent of the impact is still being assessed. Users are advised to check their dependencies for this malicious package.

Key Points:
• A malicious npm package mimics a legitimate PostCSS utility to deliver a RAT.
• The impersonated postcss-selector-parser library has over 150 million weekly downloads, increasing the risk exposure.
• Developers using npm are the primary targets of this attack.

Timeline

2026-06-22
Malicious npm package discovered
The postcss-minify-selector-parser was found to deliver a multi-stage Windows RAT, impersonating a legitimate library.
Gbhackers
2026-06-23
Further reporting on malicious npm packages
The Hacker News published additional insights into the threat posed by these malicious packages, emphasizing the risk to developers.
Thehackernews