chai-status 0.0.1-security vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the chai-status package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Malicious Package chai-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship. How to fix Malicious Package? Avoid using all malicious instances of the `chai-status` package.	*
C Malicious Package chai-status is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once installed, the package acts as a loader for the `OtterCookie` malware, which connects to a remote server to download and execute a payload granting the attackers full remote access to the victim's system. This malware is designed to steal cryptocurrency wallets, log keystrokes, capture screenshots, and exfiltrate sensitive credentials and files. How to fix Malicious Package? Avoid using all malicious instances of the `chai-status` package.	*

Vulnerability

Vulnerable Version

Malicious Package

chai-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

How to fix Malicious Package?

Avoid using all malicious instances of the chai-status package.

Malicious Package

chai-status is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once installed, the package acts as a loader for the OtterCookie malware, which connects to a remote server to download and execute a payload granting the attackers full remote access to the victim's system. This malware is designed to steal cryptocurrency wallets, log keystrokes, capture screenshots, and exfiltrate sensitive credentials and files.

How to fix Malicious Package?

Avoid using all malicious instances of the chai-status package.

chai-status@0.0.1-security vulnerabilities

security holding package

latest version

first published

latest version published

Direct Vulnerabilities

Fix vulnerabilities automatically