Name of the Vulnerable Software and Affected Versions hsf-clients versions (all versions)

Description The issue concerns malicious code in the hsf-clients package, which uploads system information to a remote server, downloads a file, and executes it. This indicates a severe compromise of system security. There is no mention of the estimated number of potentially affected devices worldwide or specific real-world incidents where this issue was exploited. However, the presence of malicious code that can execute arbitrary files poses a significant risk.

Recommendations For all versions of hsf-clients, consider the computer fully compromised if this package is installed or running. Remove the hsf-clients package, but be aware that this may not remove all malicious software resulting from its installation. Rotate all secrets and keys stored on the compromised computer immediately from a different computer.