Name of the Vulnerable Software and Affected Versions malicious-npm-package versions (affected versions not specified)

Description The issue concerns malicious code within the malicious-npm-package that targets Windows systems. It executes a powershell command, which downloads and runs an executable file from a remote server.

Recommendations For all versions of malicious-npm-package, consider any computer with this package installed or running as fully compromised. Rotate all secrets and keys stored on the compromised computer immediately from a different computer. Remove the malicious-npm-package from the system, but be aware that this may not remove all malicious software resulting from its installation.