[_alphageek]

These attacks evolve each year. Initial ones were just obfuscated code inside some utilities jest/tailwind config, most sophisticated I have seen obfuscated code loaded on chain. So you can not find any trace in the packages, but when you start/install it loads transaction info - decode and boom - you are hacked. So the safest way not to run it or run in isolated docker environment.

[reymon-dev]

Yeah... the on-chain payload delivery is a clever evolution, it removes the static artifact entirely. In this case they used a similar approach but with a Vercel-hosted serverless endpoint as the loader instead of on-chain data. Same principle, nothing malicious exists in the repo itself, payload is fetched at runtime. The two-stage split (ephemeral loader vs persistent TCP C2) was the part I hadn't seen well-documented before.