Malicious npm package pdf-to-office trojanizes Atomic Wallet, Exodus apps to steal crypto funds, persisting after deletion.