MUT-4831: Trojanized npm packages deliver Vidar infostealer malware
ID: 544a0679-354a-5328-8f70-d447e6aacc53
STIX ID: report--544a0679-354a-5328-8f70-d447e6aacc53
Feed Name: Datadog Security Labs
Datadog Security Research discovered a campaign (MUT-4831) that published 17 malicious npm packages (23 releases). The packages executed postinstall scripts to download an encrypted ZIP containing a Vidar infostealer (bridle.exe). They masqueraded as legitimate SDKs and were removed from npm after detection. The report provides technical analysis, IOCs (download URLs, C2 domains, Telegram/Steam profiles), and remediation guidance.
