The malicious package was uploaded to the repository on December 30, 2019, they managed to download it at least 32 times, and then it was noticed by information security specialists at Microsoft. According to the analysis of the researchers, the package steals confidential information using installation scripts and is designed exclusively for UNIX systems. Among the stolen data:
- Environment Variables;
- running processes;
- / etc / hosts;
- uname -a;
- npmrc file.
It should be noted that the theft of environment variables is very dangerous, since hard-coded passwords and API access tokens in web applications and mobile applications are often stored in the form of environment variables.
Now, all developers who managed to download a dangerous package are advised to urgently remove it from their systems and change all compromised credentials.