Malware in npm package @malwguy/ecto-corsair-whisper-3d2a7c

malicious-version-published · active

A malicious npm package, @malwguy/ecto-corsair-whisper-3d2a7c, was published containing malware. Any machine where it was installed should be treated as fully compromised, and all secrets and keys on that machine should be rotated immediately from a different computer.

Affected packages

• npm@malwguy/ecto-corsair-whisper-3d2a7csee advisory

Sources

• ghsahttps://github.com/advisories/GHSA-636m-vpq6-g454