Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”bitcoin-main-lib (2,300 Downloads)bitcoin-lib-js (193 Downloads)bip40 (970 Downloads)”The
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html
![]()

