🟠 High  |  Source: The Hacker News


Three malicious npm packages masquerading as legitimate PostCSS tooling have been discovered delivering a Windows remote access trojan (RAT). The packages accumulated over 1,000 combined downloads before detection, indicating real-world exposure. This is a classic supply chain attack targeting developers who install what appear to be routine CSS processing utilities.

Security Architect’s Take: Audit your CI/CD pipelines and developer environments for the packages aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser, and remove them immediately. Enforce npm package integrity checks, restrict installation of unvetted packages in build environments, and consider implementing a private registry with an approved package allowlist to reduce supply chain risk.
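One way to run that audit against a lockfile, as an added example that is not part of the advisory or of any npm/PostCSS project's own tooling: a Node.js function that walks a parsed package-lock.json (lockfileVersion 1 with nested "dependencies", or 2/3 with the flat "packages" map) and reports every install of the three names above, including copies nested under another dependency. The sample lockfiles, their version strings and the project name are constructed placeholders.

```javascript
// Added example (not from the advisory): flag the package names named in the
// report wherever they appear in an npm lockfile, nested installs included.
const FLAGGED = new Set([
  'aes-decode-runner-pro',
  'postcss-minify-selector',
  'postcss-minify-selector-parser',
]);

// Returns [{ name, version, path }] for every flagged install in `lock`.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths like
    // "node_modules/a/node_modules/b"; "" is the root project itself.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue;
      const idx = path.lastIndexOf('node_modules/');
      const name = meta.name || (idx >= 0 ? path.slice(idx + 'node_modules/'.length) : path);
      if (flagged.has(name)) hits.push({ name, version: meta.version, path });
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested "dependencies" objects; rebuild the install path.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (flagged.has(name)) hits.push({ name, version: meta.version, path });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfiles; versions and project name are placeholders.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/postcss': { version: '8.4.0' },
    'node_modules/postcss-minify-selector': { version: '1.0.3' },
    'node_modules/postcss/node_modules/aes-decode-runner-pro': { version: '0.0.1' },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    postcss: { version: '8.4.0', dependencies: { 'postcss-minify-selector-parser': { version: '2.1.0' } } },
  },
};

console.log(findFlagged(SAMPLE_LOCK_V3)); // two hits, one nested under postcss
console.log(findFlagged(SAMPLE_LOCK_V1)); // one hit, nested under postcss
```

To run it against a real build, replace the samples with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a non-empty result is a hit that should fail the pipeline.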

Original advisory: Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT