Open th0mas opened 2 years ago
@th0mas thanks for sharing. Do you know if any of our projects are using this?
A quick search of @dwyl's code: https://github.com/search?q=org%3Adwyl+ua-parser-js&type=code
Suggests we aren't using it in any of our projects ... but it might well be somewhere in our great-grand-child dependencies ... 🙄
So stoked that Phoenix
has ditched Webpack
for build. https://github.com/dwyl/learn-phoenix-framework/issues/143#issuecomment-951845792
so these random Node.js/NPM dependencies should be less of an issue in our Elixir
projects.
From the GitHub security advisory:
Current analysis on the malware seems to suggest it will persist after removal of the packages from the infected computer. It seems to export credentials and browser cookie data.
As this malware seems to effect Windows/macOS/Linux and isn't caught by many antivirus tools/the OS a clean install is recommended if any device is affected.