Malicious npm Packages Deliver Windows RAT

Researchers discovered malicious npm packages posing as PostCSS tools that deliver a Windows remote access trojan. Published by user "abdrizak," the packages deploy a JavaScript dropper, PowerShell script, and Python loader to execute the RAT. The malware steals Chrome credentials, runs shell commands, and communicates with a C2 server.