A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from security researchers at ReversingLabs, who have said aabquerys was able to download second- and third-stage malware payloads to infected systems.
Read full article on Infosecurity