The ReversingLabs (RL) research team has uncovered a sophisticated npm-based malware campaign in which a fake npm package, deceptively named pdf-to-office, targets locally installed Atomic and Exodus wallets to silently redirect outgoing crypto funds to attacker-controlled addresses.

‍