ReversingLabs laid bare two malicious npm packages—nodejs-encrypt-agent and nodejs-cookie-proxy-agent—harboring an open-source information-stealing malware known as TurkoRat. The packages were collectively downloaded around 1,200 times and remained accessible to users for over two months. The malware can gather sensitive data, including login credentials, crypto wallets, and website cookies.