NPM package caught using QR Code to fetch cookie-stealing malware
From BleepingComputer to All on Tue Sep 23 07:26:32 2025
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. [...]