Name of the Vulnerable Software and Affected Versions commander versions (affected versions not specified)

Description The issue concerns malicious code in the commander package, which is designed to exploit users' typing mistakes when installing modules. Upon installation, the package attempts to initiate a cryptocurrency miner using coin-hive.

Recommendations Remove the package from your environment and verify whether your system is running the cryptocurrency miner.