Researchers at JFrog found 17 malicious packages in the npm repository, which attack and steal users’ Discord tokens. The payloads vary – ranging from remote access backdoors to infostealers.