Skip to content

Malicious Package in 1337qq-js

critical severity Published Sep 4, 2020 • Updated Oct 4, 2021

Package

npm 1337qq-js (npm)

Affected versions

>= 0.0.0

Patched versions

None

Description

All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes:

  • Environment variables
  • Running processes
  • /etc/hosts
  • uname -a
  • npmrc file

Recommendation

Remove the package from your system and rotate any compromised credentials.

References

GHSA ID

GHSA-7wgh-5q4q-6wx5