malware npm

leo-logger

discovered 2026-06-24

LeoPlatform package infected by Miasma worm. Highest traffic target (3,140 weekly downloads). Phantom Gyp binding.gyp trigger.

Threat types

worm credential_stealer data_exfiltration

Malicious versions

  • 1.0.8

Campaigns