Affected script: "install-scripts:preinstall"
The code is designed to collect sensitive information about the system where it's executed and send this data to a remote server. It extracts the package name, current directory, user's home directory, hostname, username, DNS servers, package resolution details, and the version of a package from package.json. This data is then POSTed to a remote server, which indicates a potential data exfiltration vulnerability. The remote server domain looks suspicious and could be associated with a Command and Control server or a data collection point set up by an attacker to gather stolen data.