Three malicious packages named “solanacore,” “solana-login,” and “walletcore-gen” have been found on the npmjs.com registry targeting Solana crypto developers with Windows malware. Unlike typical crypto-stealer packages, they plainly show their intent to collect keylogging and other sensitive data, rather than attempting to hide their true nature. The packages use Slack web hooks and ImgBB APIs to transfer the collected data to external actors. The packages have been downloaded over 1,900 times.

New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload
Researchers have uncovered a new strain of the advanced KoiLoader malware, believed to be distributed through phishing emails posing as bank statements. The malware employs