Discover Hacks/Cracks News
Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices
The malicious packages are:
“klow, klown” have been tracked under Sonatype-2021-1472. Whereas, “okhsa” has been cataloged under Sonatype-2021-1473.
Different versions of the “okhsa” package largely contain skeleton code that launches the Calculator app on Windows machines pre-installation. But additionally, these versions contain either the “klow” or the “klown” npm package as a dependency—which is malicious.