![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwrGp_cYI-VK0ynnLw1gtDXpPUl9vMoKmYoQVP37NY9WXqbBI7HsgJB--g2xy1YA8D5-V4iuW27xq7zZqu3N-qyYOMTDjFdZiIxsljci4KqzW_xLB8lqv_jWQSSmnWTyIU6bvGiAHt02zWTWPp02EKONbRpoluIyqrPPTk6IBDIfrZd548tVkIJLwdh2p2/s1600/malware.jpg)
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server.
Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core,
Source:: The Hackers News