Lucene search

K
nodejsMicrosoft Vulnerability ResearchNODEJS:1297
HistoryOct 25, 2019 - 6:07 p.m.

Malicious Package

2019-10-2518:07:04
Microsoft Vulnerability Research
www.npmjs.com
8
malicious code
version 0.8.0
ethereum cryptocurrency
unauthorized transactions
remove package
check funds

Overview

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

References

GitHub Advisory

Affected configurations

Vulners
Node
ks-sha3Range0.0.0
VendorProductVersionCPE
*ks-sha3*cpe:2.3:a:*:ks-sha3:*:*:*:*:*:*:*:*