An NPM Package Boasting Over 2 Billion Weekly Downloads Falls Victim to a Maintainer's Unintentional Click on a Phishing Email
Author: Editor

Recently, attackers used phishing to gain unauthorized access to the account of an NPM package maintainer. With that access, they injected malicious code into several NPM packages with very high download volumes, including well-known ones such as debug, chalk, and supports-color. Collectively, these packages rack up over 2.6 billion weekly downloads.

The attackers crafted phishing emails that mimicked genuine npmjs.com domains, tricking maintainers into clicking the provided links and entering their login credentials. As a result, the attackers were able to insert harmful code into at least 18 frequently downloaded packages.

The npm team has acted swiftly by removing some of the tampered packages. However, it is possible that the cryptocurrency transactions of some users have already been hijacked by the attackers.
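A first step for anyone who depends on these packages is to find out which copies are installed. The following script is an added example, not code from the article or from npm: it walks a package-lock.json (v2/v3) and reports every installed copy of debug, chalk and supports-color, including nested duplicates. The bad-version list is a placeholder, because the article names the packages but not the tampered versions; the sample lockfile and its version strings are constructed.

```python
import json

# Packages the report above names as compromised.
AFFECTED_PACKAGES = {"debug", "chalk", "supports-color"}

# PLACEHOLDER (constructed): the article names packages but not the tampered
# versions, so fill this from the npm advisory before trusting the result.
KNOWN_BAD_VERSIONS = {"chalk": {"0.0.0-placeholder-bad"}}


def find_affected(lockfile_text, bad_versions=KNOWN_BAD_VERSIONS):
    """Return (name, version, path, is_known_bad) for every installed copy of
    an affected package in a package-lock.json with lockfileVersion >= 2.

    The "packages" map is keyed by install path, so nested duplicates such as
    node_modules/a/node_modules/chalk are found too; the package name is the
    segment after the last "node_modules/".
    """
    lock = json.loads(lockfile_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if name in AFFECTED_PACKAGES:
            version = meta.get("version", "")
            bad = version in bad_versions.get(name, set())
            hits.append((name, version, path, bad))
    return hits


# Constructed sample lockfile; the version strings are made-up sample values.
SAMPLE_LOCK = json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/chalk": {"version": "0.0.0-placeholder-bad"},
        "node_modules/debug": {"version": "1.2.3-sample"},
        "node_modules/ms": {"version": "1.2.3-sample"},
        "node_modules/foo/node_modules/supports-color": {"version": "1.2.3-sample"},
    },
})

if __name__ == "__main__":
    for name, version, path, bad in find_affected(SAMPLE_LOCK):
        label = "KNOWN BAD" if bad else "review   "
        print(f"{label} {name}@{version}  ({path})")
```

Copies that are found but not flagged still deserve a look, since the placeholder list is empty for two of the three packages until it is filled from the advisory.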