axios Compromised on npm - Malicious Versions Drop Remote Access Trojan

2026-03-31 StepSecurity

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan


StepSecurity identified malicious npm releases [email protected] and [email protected] published through compromised maintainer credentials rather than the project’s normal GitHub Actions OIDC Trusted Publisher flow. The attacker added an unused runtime dependency, [email protected], whose postinstall script acted as a cross-platform RAT dropper for macOS, Windows, and Linux. The dropper decoded obfuscated strings at runtime, contacted http://sfrclak.com:8000/6202033, fetched platform-specific second-stage payloads, and then attempted to remove forensic traces by deleting or replacing its own package metadata. Harden-Runner observed anomalous outbound connections to sfrclak.com:8000 in CI, highlighting how a poisoned top-10 npm package could compromise developer workstations and build environments at large scale.

Indicators of Compromise

Type    Value                               First Seen   Last Seen
DOMAIN  sfrclak.com                         2026-03-30   2026-04-20
URL     http://sfrclak.com:8000/            2026-03-31   2026-04-17
EMAIL   [email protected]                   2026-03-30   2026-04-17
EMAIL   [email protected]                   2026-03-30   2026-04-17
URL     http://sfrclak.com:8000/6202033     2026-03-30   2026-04-17
IPv4    142.11.206.73                       2026-03-30   2026-04-17
HASH    d6f3f62fd3b9f5432f5782b62d8cfd5…    2026-03-30   2026-04-04
HASH    07d889e2dadce6f3910dcbc253317d2…    2026-03-30   2026-04-04
