MAL-2022-4049 Malicious code in jquerry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6621de25a09d367339e4f62396aa977577ce456706c54bffefc8207bdadf871 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

hello_sf_pkg (=1.0.0), sf-b9.2-test-npm (>=1.2.0 <=1.3.0) +3 more potentially affected by unknown CVE via jquerry (=0.0.1-security)

jquerry NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on jquerry and may be impacted: - hellosfpkg =1.0.0 - sf-b9.2-test-npm =1.2.0, =1.3.0 - sfgittestpackage =1.0.0 - sfgittestpackage2 =1.0.0 - web3bruh =0.0.0 Source cves:...

Malicious code in jquerry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6621de25a09d367339e4f62396aa977577ce456706c54bffefc8207bdadf871 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview All versions of jquerry contain malicious code. The index.js file appears to download and execute a crypto mining script. The file is not run upon installation - the package needs to be required or the index.js run manually. Recommendation Any computer that has this package installed or...