Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets

A coordinated malicious npm campaign has targeted developers by distributing over 2.7 million downloads of compromised packages designed to steal SSH keys, API tokens, and cloud credentials. Researchers identified that these packages exploit npm lifecycle hooks to silently exfiltrate sensitive data from developer workstations and CI/CD pipelines.