Hundreds of code libraries posted to NPM try to install malware on dev machines

The IP address returned by a package Phylum analyzed was: hxxp://193.233.201[.]21:3001. While the method was likely intended to conceal the source of second-stage infections, it ironically had the effect of leaving a trail of previous addresses the attackers had used…