Security researchers have uncovered a concerning trend in software supply chain attacks with the discovery of malicious npm packages disguised as legitimate PostCSS tools. These packages, designed to appear benign to unsuspecting developers, actually contain a Windows-based remote access trojan (RAT) that could provide attackers with unauthorized control over compromised systems. This incident highlights the ongoing risks associated with open-source package repositories and the sophisticated methods employed by threat actors to infiltrate development environments.

The identified malicious packages include aes-decode-runner-pro with approximately 145 downloads,