MAL-2026-6161 Malicious code in flexbox-oauth-machinelearning (npm)
The npm package flexbox-oauth-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...