Malicious npm Package Uses Unicode Steganography for Hidden Payload

Cybersecurity researchers have discovered a malicious npm package named "os-info-checker-es6" that masquerades as a system information utility to discreetly deploy a second-stage payload on compromised systems. This campaign uses Unicode-based steganography to hide its initial malicious code and employs a shortened Google Calendar event link as a dynamic dropper for its final payload.