cofeescript is malware
Moderate severity
GitHub Reviewed
Published
Aug 6, 2018
to the GitHub Advisory Database
•
Updated Sep 6, 2023
Description
Published to the GitHub Advisory Database
Aug 6, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 6, 2023
The
cofeescript
package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations.All versions have been unpublished from the npm registry.
Recommendation
If you have found
cofeescript
installed in your environment, you should:Additionally, any service which may have been exposed via credentials in your bash history or accessible via your ssh keys, such as a database, should be reviewed for indicators of compromise as well.
References