Name of the Vulnerable Software and Affected Versions bowee version 1.8.4

Description The issue concerns malicious code in the preinstall script of the affected version, which downloads a file from a remote server, executes it, and opens a backdoor. Any computer with this package installed or running should be considered fully compromised.

Recommendations Remove the package, however, be aware that this may not remove all malicious software resulting from its installation. Rotate all secrets and keys stored on the compromised computer immediately from a different computer.