Neurotic Pumpkin Murderer
Severity: low

Silently Runs Cryptocoin Miner

hooka-tools

Overview

Affected versions of hooka-tools were compromised and modified to silently run a cryptocoin miner in the background.

All affected versions have been unpublished from the npm registry.

Remediation

While this module has been unpublished, some versions may exist in mirrors or caches. Do not install this module, and remove it if found.

Advisory timeline

  1. published

    Advisory published
    Oct 25th, 2017
  2. reported

    Oct 24th, 2017