Mastra NPM attack: A deep dive on the malware and what it targets

The June 2026 Mastra npm supply-chain attack leveraged a dormant maintainer account to inject a weaponized dependency across 140+ packages, deploying a cross-platform RAT that not only steals crypto-wallet credentials but also aggressively targets password managers, MFA authenticators, and even Zapier browser extensions—signaling a dangerous expansion in the victim profile for software supply-chain malware.