-
Notifications
You must be signed in to change notification settings - Fork 170
/
Copy path687325.txt
48 lines (34 loc) · 1.49 KB
/
687325.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
ReportLink:https://hackerone.com/reports/687325
WeaknessName:Malware
Reporter:https://hackerone.com/mada_uk
ReportedTo:Node.js third-party modules(nodejs-ecosystem)
BountyAmount:
Severity:high
State:Closed
DateOfDisclosure:04.10.2019 20:08:53
Summary:
Hello,
I am a front end developer and use Vue.js and Visual Studio Code and have had an issue recently with scripts not running in my terminal so decided to fault find.
All programmes that I can think of are up to date, and today I decided to do a full windows defender scan and found the above file.
I cannot say how to reproduce it as I'm not sure how I got it in the first place.
These are my global packages:
`PS C:\web-dev\adp-run> npm list -g --depth 0
C:\Users\mada7\AppData\Roaming\npm
+-- @vue/[email protected]
+-- @vue/[email protected]
`-- [email protected]`
I’ve done some research and cant find what npm package the file came from (if any) so was wondering if :
I) This file is from a compromised npm package I’ve used?
II) This file is from node.js? I’ve done a fresh install of node within the last 7 days
III) Whether I’m one of many infected with this malware, I am not aware of using the event-stream package that was infected previously
Thanks for any help, Windows Defender tells me the threat is blocked.
Adam
## Impact
This threat can perform a number of actions of a malicious hacker's choice