Severity: critical

Malicious Package

electron-native-notify

Overview

All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets.

Remediation

Remove the package from your environment and follow the recommendations by Komodo

Have content suggestions? Visit npmjs.com/support.

Advisory timeline

  1. published

    Advisory Published
    Jun 6th, 2019
  2. reported

    Reported by Adam Baldwin
    Jun 5th, 2019