destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems.
Remove the package from your environment and perform additional incident response on your system's files and processes.
publishedAdvisory PublishedMay 22nd, 2019
reportedReported by Adam BaldwinMay 22nd, 2019