Severity: critical

Malicious Package



All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets.


Remove the package from your environment and follow the recommendations by Komodo

Have content suggestions? Visit

Advisory timeline

  1. published

    Advisory Published
    Jun 6th, 2019
  2. reported

    Reported by Adam Baldwin
    Jun 5th, 2019