Three npm packages found opening shells on Linux, Windows systems:

The packages are plutov-slack-client, nodetest199, and nodetest1010.

npm security team: "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer."

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community