Hi Fabio,
pkgbuild plex-media-player have been updated to include: […]
Duplicates uploaded today always by new suspicious accounts are:
plex-media-player-v2 plex-media-player-mod plex-media-player-custom
also have 'npm install crypto-javascript' in .install file Thanks for the report! I can confirm that the NPM package delivered by the install script contains malware in its preinstall binary. [1]
I have deleted the three new packages and cleaned up the malicious commit on plex-media-player via force push. The accounts responsible for the malicious commits have been suspended. I have also reported the infected package on NPM. Thanks again for your help. Much appreciated! [1]: https://socket.dev/npm/package/crypto-javascript/overview/4.3.6 Regards Claudia