Advisories for Npm/Font-Scrubber package

2020

Malicious Package

of font-scrubber contains malicious code as a postinstall script. The package attempts to upload sensitive files from the system to a remote server. The files include configuration files, command history logs, SSH keys and /etc/passwd.

## Recommendation

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should …