by olex
1700 days ago
Maintainer already released clean versions "on top of" the compromised ones, and NPM acted on reports and removed the compromised versions as well.

Compromised (and no longer downloadable from NPM):
- 0.7.29
- 0.8.0
- 1.0.0

Clean:
- 0.7.28 (last version before the hijack)
- 0.7.30
- 0.8.1
- 1.0.1

Compromised versions apparently contained a cryptomining tool capable of running on Linux, and a trojan that extracts sensitive data (saved passwords, cookies) from browsers on Windows. Both are blocked by up-to-date Windows Defender and presumably other AV software.
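A lockfile check for the version list in the comment above, as an added example that is not part of the original comment or of the package's own code. The package name is a placeholder (the comment does not name the package), and the sample lockfile is constructed.

```javascript
// Placeholder: the comment does not name the package; substitute the real name.
const PACKAGE_NAME = "example-hijacked-package";
// Compromised versions as listed in the comment.
const COMPROMISED = new Set(["0.7.29", "0.8.0", "1.0.0"]);

// Return every install of PACKAGE_NAME pinned to a compromised version in a
// parsed package-lock.json. Covers lockfileVersion 1 (nested "dependencies")
// and 2/3 (flat "packages" keyed by node_modules path), including copies
// pulled in transitively under another dependency.
function findCompromised(lock) {
  const hits = [];
  const seen = new Set();
  const record = (where, version) => {
    const key = where + "@" + version;
    if (COMPROMISED.has(version) && !seen.has(key)) {
      seen.add(key);
      hits.push({ where, version });
    }
  };
  // lockfileVersion 2/3: the key is the install path, the last segment is the name.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || path.split("node_modules/").pop();
    if (name === PACKAGE_NAME) record(path, entry.version);
  }
  // lockfileVersion 1 (also kept in v2 files): recurse through nested dependencies.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = trail + "node_modules/" + name;
      if (name === PACKAGE_NAME) record(where, entry.version);
      walk(entry.dependencies, where + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: a clean top-level copy and a compromised nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-hijacked-package": { version: "0.7.30" },
    "node_modules/some-lib/node_modules/example-hijacked-package": { version: "0.7.29" },
  },
};

console.log(findCompromised(SAMPLE_LOCK));
```

The lockfile is the thing to check because a range in `package.json` that allowed 0.7.28 may have resolved to one of the compromised releases while they were still published.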