
Malicious NPM Package Hides Pulsar .NET Malware Inside PNG Images
Cybersecurity, Malware, Supply Chain Attacks, Steganography
A suspicious NPM package named buildrunner-dev was discovered, containing a postinstall hook that executes an init.js script upon installation. This script drops a batch file (packageloader.bat) with heavy obfuscation, including nonsensical variable names and comments. The attack chain conceals its payload within the RGB pixel values of PNG images hosted on a free image service.