Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a […] The post Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/pylangghost-rat/
