Malicious Package Affecting @pornhub/alerts package, versions *
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-PORNHUBALERTS-1920927
- published 14 Nov 2021
- disclosed 14 Nov 2021
- credit Unknown
How to fix?
Avoid using all malicious instances of the @pornhub/alerts
package.
Overview
@pornhub/alerts is a malicious package.
Malicious code embedded into the package enumerates the system it is installed on. Attacker's payload is executed automatically upon installation and data is sent via DNS tunneling to the domain .ex.neversummer.xyz
.