Cybersecurity analysts have uncovered a fraudulent package titled “os-info-checker-es6” that masquerades as a utility for operating system information, enabling it to covertly deploy a subsequent payload onto affected systems.
“This initiative employs sophisticated Unicode-based steganography to conceal its initial harmful code and makes use of a Google Calendar event short link as a dynamic delivery mechanism for its ultimate”