Malicious harvester
Background
An open-source package that attempts to harvest data from the web is a software component or library that is publicly available and distributed under an open-source license, but is designed to automatically collect, extract, or scrape information from websites or online sources without the explicit consent or authorization of the website owners or users.
Problem
Web data harvesting packages may be used for a variety of purposes, including data aggregation, market research, competitive analysis, content monitoring, price tracking, and other legitimate activities. However, they can also be abused for malicious purposes, such as data theft, copyright infringement, spamming, or unauthorized surveillance.
Remediation
Remove the package from your dependencies list, disconnect affected devices from the network, and report the incident to the relevant authorities in your organization.
Updated 8 months ago