MAL-2026-6162 Malicious code in font-picker-responsive (npm)
The npm package font-picker-responsive published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...