New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware
ID: cb31000f-5e34-5f11-bd51-c9e60333a13f
STIX ID: report--cb31000f-5e34-5f11-bd51-c9e60333a13f
Feed Name: Tenable Blog
Tenable Research analyzed a malicious npm package, "ambar-src", which used the npm preinstall hook and hex-encoded commands to fetch and execute OS-specific payloads (Windows msinit.exe, a Linux reverse_ssh ELF, and macOS Apfell). The package was downloaded roughly 50,000 times before removal and employed detection-evasion techniques. The report includes a detailed IOC list (filenames, SHA256 hashes, domains, and Yandex Cloud function C2 URLs) along with recommended incident response actions.
