“`html
A fresh assortment of four harmful packages has been identified in the npm package registry, possessing the ability to harvest cryptocurrency wallet credentials from Ethereum developers.
“The packages pretend to be authentic cryptographic tools and Flashbots MEV infrastructure while covertly transferring private keys and mnemonic phrases to a Telegram bot overseen by the malicious actor,” stated a Socket researcher.
“`