A recent supply chain attack has targeted the popular HTTP client Axios, resulting in the introduction of malicious dependencies in two newly published versions of the npm package.

Specifically, versions 1.14.1 and 0.30.4 of Axios have been found to add a malicious dependency, ‘plain-crypto-js’ version 4.2.1, which poses a significant threat to users who install either version.

According to reports from StepSecurity, the compromised npm credentials of the primary Axios maintainer were used to publish these malicious versions, highlighting the severity of the attack.

The impact of this attack could be far-reaching, with potential consequences for anyone who has installed the affected versions of Axios.

As the cybersecurity community continues to grapple with the implications of this supply chain attack, users should remain vigilant and take proactive steps to protect themselves from potential threats.

Source: Original Article