According to reports, new malicious NPM packages have been found that install the njRAT remote access trojan, allowing cybercriminals to gain control over a computer.

NPM, a JavaScript package manager, allows developers and users to download packages and incorporate them into their projects.

Since NPM is an open network, anyone can upload a new package without it being reviewed or scanned for malware. While this openness has produced a rich and varied collection of 1 million packages, it also makes it easy for cybercriminals to upload malicious packages.

Malicious NPMs install njRAT

Today, open-source security firm Sonatype exposed malicious NPM packages pretending to be a genuine tool for creating databases from JSON files.

These packages, named ‘jdb.js’ and ‘db-json.js’, have since been deleted by NPM, but they looked like innocuous packages that could be used to add new functionality to a project.

Over the past year, it has become increasingly common to find NPM packages that install malware or perform malicious behavior.

Recently, NPM removed malicious packages called ‘fallguy’ and ‘discord.dll’ after learning that they were used to steal Discord tokens and browser information from Google Chrome, Brave Browser, Opera, and Yandex Browser.
