@michabbb@social.vivaldi.net2026-03-05 09:52:31
🎭 Threat actor also published 3 clean packages (lara-media, snooze, syslog) to build credibility before deploying malicious ones — classic supply chain deception
💀 Impact: Full remote shell access, arbitrary file read/write, harvesting of .env contents including database credentials & API keys — RAT runs at app boot with same permissions as the web app