7 malicious npm packages steal crypto wallets by phishing sudo passwords via fake installs, leading to RAT deployment and credential exfiltration.