Company
Date Published
Author
Guy Korolevski, JFrog Security Researcher
Word count
1172
Language
English
Hacker News points
None

Summary

Open-source software repositories have become a primary target for supply chain attacks, with attackers using techniques such as typosquatting and masquerading to introduce malicious packages. The JFrog Security Research team has identified eight sophisticated npm packages, including react-sxt and react-sdk-solana, which employ advanced obfuscation techniques and a multi-layer payload delivery mechanism to target Google Chrome users on Windows. These packages were designed to steal sensitive information such as passwords, credit card details, cryptocurrency funds, and user cookies from Chrome. The attack uses multiple layers of obfuscation, written in both JavaScript and Python, to conceal its malicious intent and make it difficult to detect and analyze. The final payload, capable of extensive data theft and employing stealthy exfiltration techniques, highlights the significant threat these packages pose to developers and organizations relying on open-source components. In response, JFrog has updated its Xray product to detect these malicious packages, enhancing security for its users.