Name of the Vulnerable Software and Affected Versions jqeury version 3.3.1

Description The issue concerns a malicious package designed to exploit users who mistakenly install it due to a typo in the module name. Upon installation, the package downloads and executes a file from a remote server, opening a backdoor. This results in the computer being fully compromised.

Recommendations For version 3.3.1, consider the computer fully compromised and take immediate action: Remove the package, however, be aware that this may not remove all malicious software resulting from its installation. Rotate all secrets and keys stored on the compromised computer from a different, secure computer.