The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
The very first one, for example, has three people on the map, one marked with a C (the target customer) and two marked with ...
Stop coding without these extensions ...