MAL-2024-9424

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ethers-mew/MAL-2024-9424.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-9424
Published
2024-10-17T17:30:54Z
Modified
2024-10-17T17:30:54Z
Summary
Malicious code in ethers-mew (npm)
Details

The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backoor, along with exfiltrating user private keys to an attack-controlled server.

References
Credits

Affected packages

npm / ethers-mew

Package

Affected ranges

Affected versions

6.*

6.13.4