Name of the Vulnerable Software and Affected Versions sj-tw-sec versions (affected versions not specified)

Description The issue concerns malicious code within the sj-tw-sec package, which downloads and runs a script. This script opens a reverse shell in the system, potentially leading to full compromise of the computer. Secrets and keys stored on affected computers are at risk.

Recommendations Remove the sj-tw-sec package. Consider any computer with this package installed or running as fully compromised and rotate all secrets and keys stored on it from a different computer. As a precaution, due to potential full control given to an outside entity, removing the package may not remove all malicious software resulting from its installation.