Over 70 Malicious npm and VS Code Packages Steal Data Amid AppSheet Phishing, Venom RAT, Docker Crypto-Mining, and Payroll Hijacking

A series of cybersecurity threats have emerged targeting developers, employees, and organizations through multiple sophisticated malware campaigns. Over 70 malicious npm and Visual Studio Code packages have been identified stealing data, wiping files, and triggering system shutdowns by exploiting trusted package names to infiltrate development environments. Cybercriminals have also exploited Google's no-code tool AppSheet to impersonate Meta via Facebook, launching a phishing campaign that deviates from traditional methods. Additionally, attackers are hijacking employee payrolls by manipulating Google search results for payroll portals, redirecting salary payments to hackers through fake sites, mobile traps, and compromised home routers. Another threat involves hackers creating a counterfeit Bitdefender site to distribute the Venom RAT malware, which steals passwords, cryptocurrency, and system control using open-source tools and MFA bypass techniques. Furthermore, a new malware strain is hijacking exposed Docker APIs to covertly mine cryptocurrency, spreading autonomously without a command-and-control server. These developments highlight the evolving tactics cybercriminals are employing to exploit trusted platforms, developer tools, and employee behaviors to conduct data theft, financial fraud, and unauthorized system control.