
Researchers have discovered two fake AWS packages, 'img-aws-s3-object-multipart-copy' and 'legacyaws-s3-object-multipart-copy', downloaded hundreds of times from the open source NPM JavaScript repository. These packages contained carefully concealed code that backdoored developers' computers when executed. The attack used image files to hide the malicious code, highlighting the growing sophistication of attacks targeting open source repositories such as NPM, PyPI, GitHub, and RubyGems. Developers are urged to be extra cautious when downloading packages from these repositories. The Hacker News reported on the incident.



Malicious npm Packages Found Using Image Files to Hide Backdoor Code #cybersecurity https://t.co/CWONPNQQjN