Just helping to spread the word: The widely used NPM package "Axios" has fallen victim to supply chain poisoning. The versions 1.14.1 and legacy 0.30.4 are poisoned with a RAT after the lead maintainer of Axios had his dev account taken over at midnight. At 00:22 the RAT went online and stayed up for around 3h before being taken down by NPM security.

Below, you'll find references as shared by the security researcher John Hammond of the ITsec company "Huntress".

#axios #supplychainattack #infosec