The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backoor, along with exfiltrating user private keys to an attack-controlled server.
{ "malicious-packages-origins": null }