NPM software package is compromised, apps like trezor, ledger, bitkey, blue wallet and more could be compromised. Jade wallet, aqua, sparrow, and cold card are confirmed to be safe.
If you absolutely have to move funds, make sure you check the address fully before sending the transaction. The hacker is swapping addresses.
It is unknown at this time if software wallets can be drained, so pay attention and be ready to move those funds if you have to.