PT-2019-15949 · Lodash+1

Published: 2019-12-12 · Updated: 2021-07-21 · CVE-2019-19771

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: lodahs package, version 0.0.1
Description: The lodahs package is a Trojan horse that may have been installed by mistyping the lodash package name. It is designed to find and exfiltrate cryptocurrency wallets, potentially compromising the security of the affected system. All versions of this package contain malware. Any computer with this package installed should be considered fully compromised.
Recommendations: For lodahs package version 0.0.1, remove the package immediately. However, because full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software. Additionally, all secrets and keys stored on the compromised computer should be rotated immediately from a different computer.
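One way to check whether a project pulled in the package, directly or transitively, is to search its parsed package-lock.json. This is an added example, not part of the original advisory; the function name `findInLockfile` is hypothetical and `sampleLock` is constructed sample data.

```javascript
'use strict';

const MALICIOUS = 'lodahs'; // package name taken from this advisory

// Returns [{ path, version }] for every place `name` is installed,
// given a parsed package-lock.json object (lockfileVersion 1, 2 or 3).
function findInLockfile(lock, name = MALICIOUS) {
  const hits = [];

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    // The folder name is whatever follows the last "node_modules/".
    const folder = path.split('node_modules/').pop();
    // npm records a "name" field when the folder name differs (aliases).
    if ((meta.name || folder) === name) {
      hits.push({ path, version: meta.version });
    }
  }

  // lockfileVersion 1 (also kept in v2): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name && !hits.some((h) => h.path === path)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: lodahs arrives as a transitive dependency.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/some-tool/node_modules/lodahs': { version: '0.0.1' },
  },
  dependencies: {
    lodash: { version: '4.17.21' },
    'some-tool': { version: '1.2.3', dependencies: { lodahs: { version: '0.0.1' } } },
  },
};

console.log(findInLockfile(sampleLock));
```

A non-empty result means the host that ran the install falls under the recommendations above; an empty result only covers the lockfile that was checked, not globally installed packages.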

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-19771
GHSA-HM6Q-R2JC-CPQH

Affected Products

Lodahs
Lodash