Malicious ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users

A newly discovered malicious NPM package, dubbed duer-js , is being used to distribute an advanced information‑stealing malware that primarily targets Windows systems and Discord users. Published by the user “luizaearlyx”, the package contains a custom infostealer calling itself “bada stealer”, and…