tldr - powered by Generative AI

The escalating risk of software supply chain attacks highlights the importance of scrutinizing third-party components to safeguard against potential threats.
  • Open-source repositories are increasingly being targeted by threat actors to infiltrate enterprise environments.
  • Typosquatting is a common attack technique where adversaries upload packages with names similar to legitimate ones to deceive users.
  • Over 500 deceptive variants of popular packages were uploaded from a single account, a volume that points to automated publishing.
  • Malicious packages target Windows users, downloading and executing payloads from an actor-controlled domain.
  • The malware functions as a stealer, exfiltrating files, Discord tokens, and data from web browsers and cryptocurrency wallets.
  • Developers must thoroughly vet third-party components to mitigate the risk of software supply chain attacks.
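As an added illustration of the vetting the summary calls for (example code written for this page, not taken from the article or from any package index's own tooling), the script below flags a declared dependency whose name is a near-miss of a well-known package. It assumes a PyPI-style ecosystem, where names compare case-insensitively and runs of `-`, `_` and `.` are equivalent, so those variants are not squats and must be normalised away before comparing. It then applies two heuristics: a Damerau-Levenshtein distance that catches dropped, added or transposed letters (`reqeusts`, `colourama`), and a check for a popular name padded with a common affix (`python-requests`, `requests3`). The popular-package list and the affix list are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed list of well-known package names for the example; a real vetting
# script would load this from a download-statistics feed for its ecosystem.
POPULAR_PACKAGES = [
    "requests", "urllib3", "numpy", "pandas", "colorama", "pillow",
    "cryptography", "pyyaml", "setuptools", "beautifulsoup4",
]

# Affixes commonly bolted onto a popular name to produce a plausible-looking
# squat such as "python-requests" or "requests3". Constructed list (assumption).
SQUAT_AFFIXES = {"py", "python", "python3", "pip", "lib", "dev", "utils", "2", "3"}


def normalize(name: str) -> str:
    """Canonical form as PyPI-style indexes compare names: case-insensitive,
    with any run of '-', '_' and '.' treated as a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment distance: one edit is an insertion, deletion,
    substitution, or swap of two adjacent characters (so 'reqeusts' scores 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


@dataclass
class Finding:
    dependency: str   # name exactly as declared in the manifest
    looks_like: str   # the popular package it resembles
    distance: int     # edit distance (or affix length) after normalisation
    reason: str       # "edit-distance" or "affix"


def _affix_squat(candidate: str, popular: str) -> bool:
    """True if candidate is the popular name with a common affix added."""
    if candidate.startswith(popular):
        return candidate[len(popular):].strip("-") in SQUAT_AFFIXES
    if candidate.endswith(popular):
        return candidate[: -len(popular)].strip("-") in SQUAT_AFFIXES
    return False


def check_dependency(name: str, popular=POPULAR_PACKAGES) -> Optional[Finding]:
    """Return a Finding if `name` is a near-miss of a popular package, else None.
    An exact match after normalisation is the legitimate package and is never flagged."""
    n = normalize(name)
    canon = {normalize(p): p for p in popular}
    if n in canon:
        return None
    best: Optional[Finding] = None
    for pn, original in canon.items():
        if _affix_squat(n, pn):
            hit = Finding(name, original, abs(len(n) - len(pn)), "affix")
        else:
            # Short names get a tighter threshold: distance 2 on a 5-letter
            # name would flag too many unrelated packages.
            allowed = 2 if len(pn) >= 8 else 1
            dist = damerau_levenshtein(n, pn)
            if dist > allowed:
                continue
            hit = Finding(name, original, dist, "edit-distance")
        if best is None or hit.distance < best.distance:
            best = hit
    return best


def audit(dependencies) -> list:
    """Run the check over a manifest's dependency names and return the findings."""
    return [f for f in (check_dependency(d) for d in dependencies) if f]


if __name__ == "__main__":
    # Constructed manifest: two legitimate names, three squats, one unrelated package.
    for f in audit(["Requests", "numpy", "reqeusts", "colourama", "python-requests", "django"]):
        print(f"{f.dependency!r} resembles {f.looks_like!r} ({f.reason}, distance {f.distance})")
```

A hit is a prompt to inspect the package (publisher, release history, what its install hooks do), not proof of malice; legitimately named forks and plugins will also land near popular names, which is why exact normalised matches are excluded and why short names use the tighter threshold.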
Tags: software supply chain attacks, Third-Party Components, malicious packages