Kaspersky says 90+ spoofed domains use malicious installers and SEO to deliver AsyncRAT to Windows systems through ScreenConnect.
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.