npm Supply Chain RAT: PostCSS Impersonation & Dependency Confusion (opens in new tab)

Originally published on satyamrastogi.com Three malicious npm packages masquerading as PostCSS tools delivered Windows RAT payloads. Analysis of supply chain attack mechanics, payload delivery chains, and detection gaps in dependency management. Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT Executive Summary This is a textbook supply chain attack leveraging npm's trust model. Three packages published in June 2026 - aes-decode-runner-pro, postcss-minify-selector, and post...