Cybersecurity researchers have discovered a new ‘Stealit’ info-stealing malware campaign that exploits an experimental Node.js feature.