A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/malicious-npm-package-using-steganography-downloaded-by-hundreds/
