NPM Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

In a recent incident, a malicious package called “oscompatible” was uploaded to the npm registry. The package was found to contain a sophisticated remote access trojan for Windows machines.