
New Shai-Hulud npm worm variant
There seems to be a new npm worm variant discovered today.
It steals GitHub tokens, uses GitHub's own commit search as P2P C2 (no private server), and leaves a dead-man's switch that triggers destructive actions if you revoke the token before removing persistence. The sigil in the commit message is: "IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner"
Full investigation of the variant and the IOCs are in the link.
u/BruhhhMomentummm — 11 days ago