PT-2020-21274 · Kraken · Kraken-Api
Published: 2020-09-02 · Updated: 2020-09-02
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
kraken-api version 0.1.8
Description
The issue concerns malicious code in the postinstall script of the affected version, which contacts a Command and Control server to execute arbitrary commands, potentially leading to full compromise of the computer. Secrets and keys stored on the compromised computer should be rotated immediately from a different computer.
Recommendations
For kraken-api version 0.1.8, consider downgrading to version 0.1.7.
Remove the package, but be aware that this may not remove all malicious software resulting from its installation.
As a precaution, consider the computer fully compromised and take necessary steps to secure it, such as rotating secrets and keys from a different computer.
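To find out whether a project resolved the affected release, including as a nested dependency, its lockfile can be checked. The script below is an added example, not part of the advisory; it assumes the package was installed through npm and that a package-lock.json exists, and the function names and sample lockfiles are constructed for illustration.

```javascript
// Added example: locate kraken-api@0.1.8 in a parsed npm package-lock.json.
const AFFECTED = { name: "kraken-api", version: "0.1.8" }; // from the advisory

// Lockfile v2/v3: flat "packages" map keyed by install path. An entry carries
// "name" only when it differs from the folder name (for example an npm alias).
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = meta.name || path.split("node_modules/").pop();
    if (name === AFFECTED.name && meta.version === AFFECTED.version) hits.add(path);
  }
}

// Lockfile v1: nested "dependencies" tree; rebuild the install path while walking.
function scanDependencies(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === AFFECTED.name && meta.version === AFFECTED.version) hits.add(path);
    scanDependencies(meta.dependencies, `${path}/`, hits);
  }
}

// Returns the sorted install paths at which the affected release is pinned.
function findAffected(lock) {
  const hits = new Set(); // v2 lockfiles list both layouts; the Set de-duplicates
  scanPackages(lock.packages, hits);
  scanDependencies(lock.dependencies, "", hits);
  return [...hits].sort();
}

// Constructed sample lockfiles (package names other than kraken-api are made up).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/kraken-api": { version: "0.1.7" },
  "node_modules/demo-bot": { version: "2.0.0" },
  "node_modules/demo-bot/node_modules/kraken-api": { version: "0.1.8" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "kraken-api": { version: "0.1.8" },
  "demo-lib": { version: "1.3.0", dependencies: { "kraken-api": { version: "0.1.7" } } },
} };

// Usage: node check.js path/to/package-lock.json
const lockPath = typeof process !== "undefined" ? process.argv[2] : undefined;
if (lockPath && lockPath.endsWith(".json")) {
  const lock = JSON.parse(require("fs").readFileSync(lockPath, "utf8"));
  console.log(findAffected(lock));
}
```

A non-empty result means the affected version was resolved for that project, so the recommendations above apply to every machine that ran the install. An empty result only describes the current lockfile and does not show that the version was never installed earlier.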
Affected Products
Kraken-Api