Malicious npm Package Impersonates postcss-selector-parser to Deliver Windows RAT

JFrog security researchers identified an npm package masquerading as postcss-selector-parser that delivers a multi-stage Windows remote access trojan (RAT). The malicious package was designed to impersonate a legitimate dependency, targeting developers who unknowingly install it. The attack chain involves multiple stages, including the execution of obfuscated JavaScript and PowerShell scripts to deploy the RAT payload. No specific dates, CVE IDs, or victim counts were disclosed in the report. The primary impact involves unauthorized remote control of compromised Windows systems.