xnder-sdk-js@0.0.1-security

security holding package

Direct Vulnerabilities

Known vulnerabilities in the xnder-sdk-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • C
Malicious Package

xnder-sdk-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

How to fix Malicious Package?

Avoid using all malicious instances of the xnder-sdk-js package.

*
  • C
Malicious Package

xnder-sdk-js is a malicious package. that installs "socket io" as a remote access trojan (RAT), then fetch a second-stage payload (0001.dat) from the same command-and-control (C2) server and execute it. The C2 is linked to FAMOUS CHOLLIMA, a North Korean (DPRK) group behind the "Contagious Interview" campaign.

How to fix Malicious Package?

Avoid using all malicious instances of the xnder-sdk-js package.

*