Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-HM6Q-R2JC-CPQH
HistoryDec 16, 2019 - 7:29 p.m.

lodahs is malware

2019-12-1619:29:33
Google
osv.dev
4

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets.

Recommendation

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.

The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

CPENameOperatorVersion
lodahsge0.0.1

Related

cve 1
prion 1
cvelist 1
github 1
nvd 1
symantec 1
cve
cve
CVE-2019-19771
2019-12-12 20:15:17
prion
prion
Design/Logic Flaw
2019-12-12 20:15:00
cvelist
cvelist
CVE-2019-19771
2019-12-12 19:49:40
github
github
lodahs is malware
2019-12-16 19:29:33
nvd
nvd
CVE-2019-19771
2019-12-12 20:15:17
symantec
symantec
Node.js 'lodahs' Package CVE-2019-19771 Unspecified Security Vulnerability
2019-11-27 00:00:00

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON
Related for OSV:GHSA-HM6Q-R2JC-CPQH
cve1prion1cvelist1github1nvd1symantec1