Over 70 Malicious npm and VS Code Packages Discovered Stealing Data and Cryptocurrencies

More than 70 malicious npm and VS Code packages have been discovered, stealing data and cryptocurrencies. Among them, 60 npm packages were identified in the package registry with malicious features to collect hostnames, IP addresses, DNS servers, and user directories to an endpoint controlled by Discord. These packages, published under three different accounts, include a script executed during installation via npm install, according to Kirill Boychenko, a security researcher at Socket.