Name of the Vulnerable Software and Affected Versions yoeman-generator version 2.0.2

Description The issue concerns malicious code in the preinstall script of the package. This malware is designed to exploit users who make typos when installing modules. Upon installation, it downloads a file from a remote server, executes it, and opens a backdoor.

Recommendations For version 2.0.2, remove the package immediately. However, due to the potential for full system compromise, removing the package may not eliminate all malicious software. It is crucial to consider any computer with this package installed as fully compromised. All secrets and keys stored on the compromised computer should be rotated immediately from a different, secure computer.