Cybersecurity researchers have revealed a set of seven npm packages published by a single threat actor. These packages use a cloaking service called Adspect to distinguish between real victims and security researchers, ultimately redirecting them to sketchy, crypto-themed sites. The malicious npm packages were published by a threat actor named "dino_reborn" between September and November [...]