PT-2020-21215 · Bitpay · Copay

Published: 2020-09-01 · Updated: 2020-09-01

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: flatmap-stream version 0.1.1

Description: The issue concerns a malicious version of the flatmap-stream module, which targets specific applications, including copay and potentially copay-dash, by running an encrypted payload. This payload reads encrypted data from a disguised file, decrypts it using the package description as a key, and executes the decrypted code. The malicious code checks the Bitcoin and Bitcoin Cash balances in the victim's copay account and, if the balance exceeds certain thresholds, harvests the account data and private keys, sending them to a collection point.

Recommendations: Remove the malicious version of flatmap-stream from your environment.
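To act on the recommendation above you first have to find out whether the affected release is present anywhere in a dependency tree. The following Node script is an added example, not part of this advisory or of the flatmap-stream or Copay projects: it walks an npm package-lock.json object (both the nested lockfileVersion 1 layout and the flat "packages" map of lockfileVersion 2/3) and reports every path at which flatmap-stream 0.1.1 is installed, including transitive copies. The sample lockfiles, the parent package name "some-stream-lib" and the app name "constructed-app" are constructed for the demo.

```javascript
// Added example: locate flatmap-stream 0.1.1 in an npm lockfile.
// The affected package and version come from the advisory text.
const AFFECTED = { name: 'flatmap-stream', versions: new Set(['0.1.1']) };

// Returns [{ path, version }] for every matching package in the lockfile.
function findAffected(lock) {
  const hits = [];

  // lockfileVersion 2 and 3 carry a flat map keyed by install path;
  // prefer it when present because it already lists transitive copies.
  if (lock.packages) {
    for (const [pkgPath, info] of Object.entries(lock.packages)) {
      if (pkgPath === '') continue; // root project entry, not a dependency
      // Derive the package name from the last "node_modules/" segment
      // unless the entry names itself (e.g. linked packages).
      const name = info.name || pkgPath.split('node_modules/').pop();
      if (name === AFFECTED.name && AFFECTED.versions.has(info.version)) {
        hits.push({ path: pkgPath, version: info.version });
      }
    }
    return hits;
  }

  // lockfileVersion 1: a nested "dependencies" tree; recurse into it.
  function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail ? `${trail} > ${name}` : name;
      if (name === AFFECTED.name && AFFECTED.versions.has(info.version)) {
        hits.push({ path: here, version: info.version });
      }
      if (info.dependencies) walk(info.dependencies, here);
    }
  }
  walk(lock.dependencies, '');
  return hits;
}

// Convenience wrapper for raw file contents, e.g.
// scanLockfileText(fs.readFileSync('package-lock.json', 'utf8')).
function scanLockfileText(jsonText) {
  return findAffected(JSON.parse(jsonText));
}

// Constructed sample: lockfileVersion 1, affected version pulled in transitively.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-stream-lib': {
      version: '1.0.0',
      dependencies: { 'flatmap-stream': { version: '0.1.1' } },
    },
    lodash: { version: '4.17.21' },
  },
};

// Constructed sample: lockfileVersion 2, nested affected copy plus an
// unaffected hoisted version that must not be reported.
const SAMPLE_LOCK_V2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/some-stream-lib': { version: '1.0.0' },
    'node_modules/some-stream-lib/node_modules/flatmap-stream': { version: '0.1.1' },
    'node_modules/flatmap-stream': { version: '0.1.0' },
  },
};

for (const lock of [SAMPLE_LOCK_V1, SAMPLE_LOCK_V2]) {
  const hits = findAffected(lock);
  console.log(`lockfileVersion ${lock.lockfileVersion}:`,
    hits.length ? hits : 'no affected flatmap-stream release found');
}
```

A hit means the lockfile pins the affected release somewhere in the tree, so removing it requires replacing or upgrading the dependency that pulls it in, then regenerating the lockfile and reinstalling; checking only the top-level package.json would miss the transitive case shown in both samples.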

Fix

RCE


Weakness Enumeration

Related Identifiers

GHSA-9X64-5R7X-2Q53

Affected Products

Copay