GMS-2020-243: Malicious Package

September 11, 2020

All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets. ## Recommendation

Remove the package from your environment and follow the recommendations by Komodo

References

blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm
github.com/advisories/GHSA-j8qr-rvcv-crhv
komodoplatform.com/vulnerability-discovered-in-komodos-agama-wallet-this-is-what-you-need-to-do/
www.npmjs.com/advisories/927

Code Behaviors & Features

Detect and mitigate GMS-2020-243 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →