Skip to content

Malicious Package in electron-native-notify

critical severity GitHub Reviewed Published Sep 11, 2020

Package

npm electron-native-notify (npm)

Affected versions

>= 0

Patched versions

None

Description

All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets.

Recommendation

Remove the package from your environment and follow the recommendations by Komodo

References

GHSA ID

GHSA-j8qr-rvcv-crhv