Cybersecurity investigators have identified a harmful npm package equipped with covert functionalities to embed malicious code into desktop applications for cryptocurrency wallets such as Atomic and Exodus on Windows platforms. The package, referred to as nodejs-smtp, mimics the authentic email library nodemailer, featuring the same tagline, page design, and README descriptions, garnering a total of 347 users.