MUT-8694: An NPM and PyPI Malicious Campaign Targeting Windows Users
ID: eebe447c-ed7a-557f-83aa-a958c0f4469f
STIX ID: report--eebe447c-ed7a-557f-83aa-a958c0f4469f
Feed Name: Datadog Security Labs
Datadog Security Research describes an active, cross-ecosystem supply-chain campaign (MUT-8694) that publishes malicious typosquatted packages to PyPI and npm in order to deliver infostealers (Blank Grabber and Skuld Stealer) to Windows developers. The report includes technical analysis of the loaders (obfuscated JS, and PowerShell execution from setup.py), the behavioral TTPs (Defender disabling, persistence, enumeration, credential and crypto theft), IOCs (package names, file hashes, malicious URLs, webhooks/Telegram tokens), and YARA rules to aid detection and response.
