The npm security team has stated that these shells can work on both Windows and * nix operating systems, such as Linux, FreeBSD, OpenBSD, and others.
The packages have been online for almost a year
These three packages were uploaded to the NPM portal almost a year ago, in mid-October 2019. Each module has been downloaded more than 100 times in total since its release. The names of the packages are:
“Any computer on which these packages are installed should be considered totally compromised. All secrets and keys stored on this computer should be immediately changed from another computer, ”warns the NPM security team. “The package must be removed, but since full control of the computer may have been compromised by an outside entity, removing the package is not guaranteed to remove all malware resulting from its installation,” they add. .
Several operations of the same type in the last three months
While malicious packets are routinely removed, the removal of these three packages is the third major packet removal operation in the past three months.