PULSE NAME
GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays
WHITE PetrP.73 2026-04-26 Modified: 2026-04-26
8 IOCs
LOW VOLUME
Recent intelligence has uncovered two malicious packages in npm and PyPI, named kube-health-tools and kube-node-health respectively, aimed at compromising Kubernetes environments. Although these packages appear legitimate, they execute a backdoor that establishes an LLM (Large Language Model) proxy service on infected machines. The primary mechanism is a set of native binaries that execute either on import or on require() calls. These droppers download a stage 2 payload from GitHub and embed XOR-encrypted configuration data that is critical for further operations.
Indicators of Compromise (1 / 8 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 e5c2b988f369d9e51f30985eb8c1c5ae 2026-04-26