Name of the Vulnerable Software and Affected Versions maleficent versions (affected versions not specified)

Description The issue concerns malicious code in the maleficent package, which gathers system information including environment variables, OS information, network interface details, AWS credentials, npm credentials, and ssh keys. This information is printed to a local file but not uploaded to a remote server.

Recommendations Remove the maleficent package from your environment to prevent further compromise.