Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

News
Yanac

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”

bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)

“TheThe Hacker NewsRead More