Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images
VPN Central [Unofficial]
February 25, 2026
Malicious NPM package buildrunner-dev embeds Pulsar RAT inside PNG images using steganography. Typosquatted buildrunner package evades scanners by encoding malware in pixel RGB values. Veracode uncovered seven-layer obfuscated batch file delivering UAC bypass and process hollowing. Developers install via npm install triggering postinstall init.js script. Codeberg repository serves packageloader.bat with 1,653 obfuscated lines. Junk comments, fake base64, and dummy […]
The post Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images appeared first on VPN Central.
Discussion in the ATmosphere