Add recent reports #776
Add recent reports #776
Conversation
Signed-off-by: poppysec <[email protected]>
| { | ||
| "package": { | ||
| "ecosystem": "npm", | ||
| "name": "ethchained" |
There was a problem hiding this comment.
Can you explain more why this package is considered malicious?
It is definitely suspicious, but doesn't execute the problematic code, except if the file is excuted directly by passing it to node.js.
There was a problem hiding this comment.
My original thinking was that in the package.json for this file the script eth.js with the malicious functionality is defined as the entrypoint via main.
"main": "/docs.wrm/basics/eth.js",
The archiving/exfiltration functions are the exports of eth.js
module.exports = {
initiateExodusBackup,
getLocalIpAddress,
getPublicIpAddress,
getExodusWalletDir,
createBackupZip
};
Hence I thought upon import of the package itself, the functions are executed. But yes you are right unless it's executed like node /docs.wrm/basics/eth.jsit won't send to the ngrok endpoint. I still think there's no good reason to have that in there, but I'm fine to remove the report if you think it doesn't pass the threshold of malicious.
Signed-off-by: poppysec <[email protected]>
No description provided.