Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems.
« The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed, » software supply chain security firm Phylum said in
