Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data.
The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below -

react-performance-suite
react-state-optimizer-core
react-fast-utilsa
ai-fast-auto-trader



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html