{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiewihfc5u5haxg4olcidk25rno2v7p53sfjx5xihqmpuszti2obju",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mfoke7jlbdf2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiaqovxdwdsolnbyqomvrzssykqdxixrxpdxdwaplcxbgiroclsowy"
    },
    "mimeType": "image/jpeg",
    "size": 134330
  },
  "path": "/steganography-npm-attack-hides-pulsar-rat-in-innocent-png-images/",
  "publishedAt": "2026-02-25T10:25:09.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images",
    "VPN Central"
  ],
  "textContent": "Malicious NPM package buildrunner-dev embeds Pulsar RAT inside PNG images using steganography. Typosquatted buildrunner package evades scanners by encoding malware in pixel RGB values. Veracode uncovered seven-layer obfuscated batch file delivering UAC bypass and process hollowing. Developers install via npm install triggering postinstall init.js script. Codeberg repository serves packageloader.bat with 1,653 obfuscated lines. Junk comments, fake base64, and dummy […]\n\nThe post Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images appeared first on VPN Central.",
  "title": "Steganography NPM Attack Hides Pulsar RAT in Innocent PNG Images"
}