The technical write-up by ReversingLabs threat researchers Lucija Valentic and Karlo Zanki says the malicious package consisted of two files, one obfuscated via the JavaScript obfuscator.