Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Researchers have identified three malicious npm packages containing a new malware called NodeCordRAT, which steals credentials and cryptocurrency seed phrases and uses Discord for command and control. The Bitcoin-themed packages carrying the malware were removed from npm in November 2025.