(RESOLVED) Version 4.4.2 published to npm is compromised

1 min read Original article ↗

Skip to content

Navigation Menu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Description

@Informatic

MESSAGE FROM @Qix- : PLEASE SEE #1005 (comment) FOR LATEST UPDATES.


Version not present in this repo has been pushed out to npm.
https://www.npmjs.com/package/debug/v/4.4.2?activeTab=code
src/index.js seems to contain a cryptominer installer something like a cryptostealer?
My brain is too foggy to figure out, but seems as if most of the payload doesn't actually run if typeof window == undefined as is the case in NodeJS runtime?

Metadata

Metadata

Fields

No fields configured for issues without a type.

Development

No branches or pull requests

Issue actions