The malicious package was uploaded to the repository on December 30, 2019, they managed to download it at least 32 times, and then it was noticed by Microsoft information security specialists. According to the analysis of the researchers, the package steals confidential information using installation scripts and is designed exclusively for UNIX systems. Among the stolen data:
- Environment Variables;
- running processes;
- / etc / hosts;
- uname -a;
- npmrc file.
It should be noted that the theft of environment variables is very dangerous, since hard-coded passwords and API access tokens in web and mobile applications are often stored in the form of environment variables.
Now, all developers who managed to download a dangerous package, it is recommended to urgently remove it from their systems and change all the compromised credentials.