Supply chain
MUT-8694 npm and PyPI Malicious Package Campaign
Primary Source
Incident Details
Datadog Security Labs identified a coordinated supply chain campaign, tracked as MUT-8694, active from at least October 10, 2024 and targeting both the npm and PyPI registries. Datadog described it as the first simultaneous campaign across both registries that it had observed from a single threat actor. The campaign used 42 malicious PyPI packages and 18 npm packages, most of them typosquats of legitimate package names. The packages predominantly targeted Roblox developers on Windows: the payloads stole Roblox cookies, browser-saved passwords, cryptocurrency wallets and Telegram session data. The delivered malware included Blank Grabber and Skuld Stealer, both open-source infostealers. The campaign illustrates the risk of a single actor running coordinated typosquat campaigns across ecosystems: a defender who monitors only one registry sees only part of the activity.
Technical Details
- Initial Attack Vector
- Typosquatting: malicious packages uploaded to npm and PyPI mimicking legitimate library names to trick developers into installing them
- Vendor / Product
- npm registry; PyPI
- Software Package
- larpexodus (PyPI); various typosquatted Roblox-related npm packages (42 PyPI + 18 npm packages total)
- Malware Family
- Blank Grabber infostealer; Skuld Stealer
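The attack vector above is name confusion across two registries at once, so a practical check is to triage both manifests of a project against the same allowlist. The following is an added example written for this page; it is not Datadog's tooling and not code from the MUT-8694 write-up. The allowlists (KNOWN_PYPI, KNOWN_NPM) and the two sample manifests are constructed for illustration, and larpexodus is included only as a name from this page that is not close to anything vetted, to show that edit-distance checks alone do not catch every malicious package and that unvetted names must be reported separately.

```python
"""Cross-ecosystem typosquat triage for a requirements.txt and a package.json.

Added example, not part of the original page or Datadog's tooling. Every
dependency is normalised, compared to an allowlist of vetted names with a
Damerau-Levenshtein (optimal string alignment) distance, and reported as
"near-miss" (one or two edits from a vetted name) or "unvetted" (not
allowlisted and not close to anything that is).
"""
import json
import re
from typing import Dict, Iterable, List, Tuple

# Assumed allowlists: packages a reviewer has vetted for this project (constructed).
KNOWN_PYPI = {"requests", "numpy", "pillow", "cryptography"}
KNOWN_NPM = {"lodash", "express", "axios", "noblox.js"}

# Constructed sample manifests containing deliberate near-misses.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.32.3
numpy>=1.26
pilow==10.0.0          # one insertion away from pillow
cryptograhpy           # adjacent transposition of cryptography
larpexodus             # name from the MUT-8694 report; not near any vetted name
-r other-requirements.txt
"""

SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "constructed-sample",
    "dependencies": {"lodash": "^4.17.21", "expres": "^4.19.0", "noblox.js-asyns": "1.0.0"},
    "devDependencies": {"axois": "1.6.0"},
})

_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize_pypi(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def normalize_npm(name: str) -> str:
    """npm names are compared case-folded; scoped names (@scope/name) are kept whole."""
    return name.strip().lower()


def parse_requirements(text: str) -> List[str]:
    """Extract distribution names from a requirements.txt, ignoring comments and pip options."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _REQ_NAME.match(line)
        if match:
            names.append(normalize_pypi(match.group(1)))
    return names


def parse_package_json(text: str) -> List[str]:
    """Collect dependency names from the dependency sections of a package.json."""
    data = json.loads(text)
    names = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        names.extend(normalize_npm(n) for n in data.get(section, {}))
    return names


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[la][lb]


def triage(name: str, known: Iterable[str], max_dist: int = 2) -> Tuple[str, str, int]:
    """Return (verdict, closest vetted name, distance) for one normalised dependency name."""
    vetted = sorted(known)  # sorted so ties resolve deterministically
    if name in vetted:
        return ("allowlisted", name, 0)
    closest = min(vetted, key=lambda k: edit_distance(name, k))
    dist = edit_distance(name, closest)
    if dist <= max_dist:
        return ("near-miss", closest, dist)
    return ("unvetted", "", dist)


def scan_manifests(requirements_txt: str, package_json: str) -> Dict[str, List[Tuple[str, str, str, int]]]:
    """Triage both manifests; each finding is (ecosystem, name, closest vetted name, distance)."""
    findings: Dict[str, List[Tuple[str, str, str, int]]] = {"near-miss": [], "unvetted": []}
    manifests = (
        ("pypi", parse_requirements(requirements_txt), KNOWN_PYPI),
        ("npm", parse_package_json(package_json), KNOWN_NPM),
    )
    for ecosystem, names, known in manifests:
        for name in names:
            verdict, closest, dist = triage(name, known)
            if verdict != "allowlisted":
                findings[verdict].append((ecosystem, name, closest, dist))
    return findings


if __name__ == "__main__":
    for verdict, hits in scan_manifests(SAMPLE_REQUIREMENTS, SAMPLE_PACKAGE_JSON).items():
        for ecosystem, name, closest, dist in hits:
            print(f"{verdict:9} {ecosystem:4} {name:20} closest={closest or '-'} d={dist}")
```

Near-miss hits are the typosquat candidates to block before install; the unvetted list is the reminder that a package such as larpexodus, whose name imitates nothing on the allowlist, only gets caught by reviewing every name that is not already vetted, so the allowlist has to be the source of truth rather than the distance check.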
Timeline
- 2024-10-10 Earliest observed campaign activity (malicious packages live on npm and PyPI)
- 2024-10-01 Publicly disclosed