Product
The CanisterSprawl malware campaign targets npm packages, using a self-propagating approach to steal sensitive data from developer machines, including tokens and API keys, and attempting to publish malicious packages using hijacked credentials.