Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions.
Source: https://cointelegraph.com/news/npm-attack-crypto-stealing-malware-into-core-javascript-libraries