Description
A malicious NPM package, unrs-resolver@1.11.1, is a fraudulent package designed to execute supply-chain attacks.
This package contained a postinstall script that triggered execution of a compromised version of napi-postinstall (0.3.0–0.3.1), which then attempted to download and run malicious binaries from attacker-controlled servers, including https://hybird-accesskey-staging-saas.s3.../agent and http://45.76.155.14/vim.
Because these binaries were downloaded and execution was attempted, the affected EC2 instance must be considered compromised, and the malware could have achieved persistence or exfiltrated data.
This represents a confirmed real-world NPM supply-chain attack, and immediate remediation, including removal of the package, full dependency reinstall, and redeployment on a clean environment, is required.
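
The following is an added example, not part of the original report: a lockfile check for the package versions the report names, run before and after the reinstall it calls for. The function names and the sample lockfile are constructed for illustration, and the napi-postinstall range is assumed to mean the two listed releases.

```javascript
const FLAGGED = new Map([
  ["unrs-resolver", ["1.11.1"]],
  // Assumption: the reported range 0.3.0 to 0.3.1 is read as these two releases.
  ["napi-postinstall", ["0.3.0", "0.3.1"]],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where, hasInstallScript) => {
    if ((FLAGGED.get(name) || []).includes(version)) {
      hits.push({ name, version, where, hasInstallScript });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === "") continue;
      check(meta.name || nameFromKey(key), meta.version, key, meta.hasInstallScript === true);
    }
  } else {
    // lockfileVersion 1: nested tree; install scripts are not recorded there.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(" > "), null);
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (not taken from the affected project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/unrs-resolver": { version: "1.11.1", hasInstallScript: true },
    "node_modules/unrs-resolver/node_modules/napi-postinstall": { version: "0.3.0" },
    "node_modules/napi-postinstall": { version: "0.3.2" },
  },
};
console.log(findFlagged(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findFlagged`; an empty result means none of the named versions are pinned in that lockfile.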