Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites.The malicious npm packages, published by a threat actor named “dino_reborn” between September and November 2025, are
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html
