NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

A malicious NPM package disguised as an Ethereum tool installs Quasar RAT, a remote access trojan, on developer systems. The package, published in December 2024, uses obfuscation and downloads scripts to modify Windows settings, enabling persistence and communication with a command-and-control server. This highlights the need for developers to be vigilant and scrutinize third-party code to prevent malicious actors from infiltrating systems.