Three npm packages found opening shells on Linux, Windows systems:
The packages are plutov-slack-client, nodetest199, and nodetest1010.
npm security team: "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer."
chaos.social – a Fediverse instance for & by the Chaos community