Malicious Package in commqnder
Critical severity
GitHub Reviewed
Published
Sep 11, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 11, 2020
Last updated
Jan 9, 2023
All versions of
commqnder
contain malicious code . The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive.Recommendation
Remove the package from your environment and verify whether your system is running the cryptocurrency miner.
References