Node.js Module plain-crypto-js 4.2.1 installed

critical Nessus Plugin ID 304407

Synopsis

A module in the Node.js JavaScript run-time environment contains a backdoor.

Description

The package was confirmed by Socket as malicious and should be removed from the system. The malicious package deploys a multi-stage payload, including a remote access trojan (RAT) capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Remove the plain-crypto-js package entirely from the affected system.

See Also

http://www.nessus.org/u?8a9f889f

Plugin Details

Severity: Critical

ID: 304407

File Name: npm-plain-crypto-supply-chain-4-2-1.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 3/31/2026

Updated: 3/31/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: x-cpe:/a:plain-crypto-js:plain-crypto-js

Required KB Items: installed_sw/Node.js, Host/nodejs/modules/enumerated

Patch Publication Date: 3/31/2026

Vulnerability Publication Date: 3/31/2026