PT-2020-21080 · Unknown · Font-Scrubber

Published

2020-09-02

·

Updated

2020-09-02

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

font-scrubber version 1.2.2

Description

The postinstall script of the affected version contains malicious code. Because npm runs install-time lifecycle scripts automatically during `npm install`, simply installing the package executes the payload, which attempts to upload sensitive files from the host to a remote server. The targeted files include configuration files, shell command history, SSH keys, and /etc/passwd.

Recommendations

Treat any host on which version 1.2.2 was installed as fully compromised and remove the package. Since the script may have handed full control of the host to an outside party, removing the package does not guarantee that all malicious software is gone. Rotate every secret and key that was stored on the compromised host immediately, and do so from a different, trusted computer, since anything typed on the compromised host may be captured.
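As an added check, not tooling from the advisory or from the font-scrubber project: the script below walks a `node_modules` tree (scoped and nested packages included), lists every package that declares an install-time lifecycle hook, and flags the version this advisory names. The sample tree it builds is constructed for the demonstration; the `@acme/native-addon` package, the `setup.js` path and all script bodies are made up and do not describe the real payload.

```python
"""Audit node_modules/ for packages with install-time scripts and flag
font-scrubber 1.2.2 (GHSA-65j7-66p7-9xgf).

Added example, not the advisory's own tooling. The sample tree below is
constructed: every package other than font-scrubber, and every script
body, is made up for illustration.
"""
import json
import os
import tempfile
from pathlib import Path

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Versions named as malicious by the advisory (package name -> versions).
MALICIOUS = {"font-scrubber": {"1.2.2"}}


def find_install_scripts(node_modules):
    """Return one record per package under node_modules that declares an
    install-time hook, marking those whose name/version the advisory names."""
    hits = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        pkg_path = Path(root) / "package.json"
        try:
            meta = json.loads(pkg_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not abort the audit
        if not isinstance(meta, dict):
            continue
        scripts = meta.get("scripts") or {}
        hooks = {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}
        if not hooks:
            continue
        name = meta.get("name", pkg_path.parent.name)
        version = str(meta.get("version", ""))
        hits.append({
            "name": name,
            "version": version,
            "path": str(pkg_path),
            "hooks": hooks,
            "known_malicious": version in MALICIOUS.get(name, set()),
        })
    return hits


def build_sample_tree():
    """Construct a throwaway node_modules tree (sample data, not real packages):
    the affected package at top level and again nested under another dependency,
    a fictional native addon that legitimately builds on install, and a package
    with no install hooks at all."""
    base = Path(tempfile.mkdtemp(prefix="nm-audit-")) / "node_modules"
    manifests = {
        "font-scrubber": {
            "name": "font-scrubber", "version": "1.2.2",
            "scripts": {"postinstall": "node ./lib/setup.js"}},  # hypothetical body
        "@acme/native-addon": {
            "name": "@acme/native-addon", "version": "3.0.1",
            "scripts": {"install": "node-gyp rebuild"}},  # benign-looking, still worth review
        "left-pad": {
            "name": "left-pad", "version": "1.3.0",
            "scripts": {"test": "node test.js"}},  # no install hook: not reported
        "left-pad/node_modules/font-scrubber": {
            "name": "font-scrubber", "version": "1.2.2",
            "scripts": {"postinstall": "node ./lib/setup.js"}},  # nested copy
    }
    for rel, meta in manifests.items():
        pkg_dir = base / rel
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    return base


if __name__ == "__main__":
    for hit in find_install_scripts(build_sample_tree()):
        tag = "MALICIOUS" if hit["known_malicious"] else "review"
        print(f"[{tag}] {hit['name']}@{hit['version']} {hit['hooks']} ({hit['path']})")
```

Run it against a real project with `find_install_scripts(Path("node_modules"))`. Every package it reports, not only the flagged one, deserves a look at what its hook actually executes; a malicious hook can hide behind an innocuous-looking command such as a build step.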

Fix

RCE


Weakness Enumeration

Related Identifiers

GHSA-65J7-66P7-9XGF

Affected Products

Font-Scrubber