Embedded malicious code (backdoor) in coa - #VU57962

 

Embedded malicious code (backdoor) in coa - #VU57962

Published: November 4, 2021


Vulnerability identifier: #VU57962
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Sergey Berezhnoy
Affected software:
coa

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

The npm package has been compromised and includes cryptomining and password stealing malware.


Remediation

The latest version of the software is 2.0.2, which does not have malicious code.

Sources