Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Malicious npm package downloaded 2,001 times hides payload via Unicode and Google Calendar links.
More info