27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

A spear-phishing campaign has utilized 27 malicious npm packages to host lures that mimic document-sharing and Microsoft sign-in pages, aiming to steal login credentials. These packages were designed to evade detection and leverage npm’s infrastructure for delivery.