“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
https://threatpost.com/malicious-exchange-server-module-outlook-credentials/177077/
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
https://threatpost.com/malicious-npm-code-packages-discord/176886/