Could not find any public use of the package but there's a few interesting things about this repo:
- The author used to work at wargaming.net at the time the repo was created (publisher of world of tanks)
- There are two contributors: the author and one of his ex-colleague from wargaming.net.
- There are a bunch of maintenance commits over the years suggesting actual use and not just a random weekend project.
A bit far-fetched but whoever introduced this backdoor could be attempting a targeted attack against wargaming.net as there's a good chance it's used in there.
Note: it looks like the author of the package removed the malicious commit.
Quote:
----------------
Could not find any public use of the package but there's a few interesting things about this repo:
- The author used to work at wargaming.net at the time the repo was created (publisher of world of tanks)
- There are two contributors: the author and one of his ex-colleague from wargaming.net.
- There are a bunch of maintenance commits over the years suggesting actual use and not just a random weekend project.
A bit far-fetched but whoever introduced this backdoor could be attempting a targeted attack against wargaming.net as there's a good chance it's used in there.
Note: it looks like the author of the package removed the malicious commit.