Malicious NPM Packages Disguised With ‘Invisible’ Dependencies

Malicious NPM Packages Disguised With ‘Invisible’ Dependencies

In the “PhantomRaven” campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.