Name of the Vulnerable Software and Affected Versions hpmm versions (affected versions not specified)

Description The issue concerns malicious code within the hpmm package, which uploads system information to a remote server, downloads a file, and executes it. This indicates a severe compromise of system security. The number of potentially affected devices worldwide is not specified. There is no information about specific real-world incidents where this issue was exploited. Technical details about exploitation include the package's ability to upload system information and download and execute files, potentially allowing for full control of the compromised computer.

Recommendations Remove the hpmm package, however, be aware that this may not remove all malicious software resulting from its installation. Rotate all secrets and keys stored on the compromised computer immediately from a different computer, as the compromised computer should be considered fully compromised.