You can actually test it yourself. The actual URL is in the post and the website is still up.
Seems like it actually loads a PNG image now; maybe the npm script adds some additional headers to trigger the payload.
AFAIK, most malware like this first sends the contents of your environment variables, SSH keys, passwords, etc. to the server, and then sets up a persistent process that executes arbitrary commands received from the attacker's server at any time, allowing them to run whatever else they want.
Arbitrary remote code execution, maybe sold to the highest bidder like some shady cloud provider?
Compromise of developer's access, API keys, etc. in order to create a supply chain attack.
This has happened to me; it was an attack that was trying to get crypto private keys (Ethereum).