Threat Intelligence Report

Hiding in Plain Pixels: Malicious NPM Package Found

📅 February 26, 2026 📰 www.veracode.com 🔍 0 CVE(s) referenced

A malicious NPM package, buildrunner-dev, uses advanced obfuscation and steganography to deliver a multi-stage Pulsar RAT attack chain hidden inside PNG images, evading detection and targeting Windows developers with per-antivirus evasion and AMSI bypass techniques.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle