Remix clone Hacker News

new | show | ask | jobs Github

	▲	kpcyrd 2 hours ago
		You could try rkhunter or unhide from the official repositories, but I haven't tested this myself and I don't know how well they work with BPF rootkits (and/or this one specifically). All of the packages I have triaged involved the atomic-lockfile npm package, so this is something you could try: `npm cache ls \| grep atomic-lockfile` The problem with an officially endorsed solution is that the rootkit authors could push an update that hides/removes the indicators of compromise the endorsed script checks for (e.g. it would be trivial to have the malware delete atomic-lockfile from the npm cache).