Key Findings North Korean threat actor Famous Chollima deployed malicious npm packages designed to steal cryptocurrency wallet credentials and source code from developers Campaign codenamed PromptMink features AI-generated malware split across multiple package layers to evade detection Malware evolved from simple JavaScript stealers to sophisticated multi-platform RATs compiled in Rust, capable of establishing SSH backdoors Attack chain leverages legitimate-looking packages a