Name of the Vulnerable Software and Affected Versions alipayjsapi versions (affected versions not specified)

Description The issue concerns malicious code in the alipayjsapi package, which uploads system information to a remote server, downloads a file, and executes it. This behavior indicates a significant security risk. Any computer with this package installed or running should be considered fully compromised.

Recommendations Remove the alipayjsapi package, however, be aware that this may not remove all malicious software resulting from its installation. Rotate all secrets and keys stored on the compromised computer immediately from a different computer.