The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
According to the site, this includes Nano Banana for image generation and editing, Gemini Veo for video creation, plus ...