Just helping to spread the word: the widely used NPM package "Axios" has fallen victim to supply chain poisoning. Versions 1.14.1 and legacy 0.30.4 are poisoned with a RAT after the lead maintainer of Axios had his dev account taken over at midnight. At 00:22 the RAT went online and stayed up for around 3h before being taken down by NPM security.

Below, you'll find references as shared by the security researcher John Hammond of the ITsec company "Huntress".

#axios #supplychainattack #infosec

axios@1.14.1 and axios@0.30.4 are compromised · Issue #10604 · axios/axios

more details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan Most likely, a maintainer's GitHub and npm accounts are compromised as these iss...


Here is a link to Hammond's video on YouTube in which he quickly shares the situation:

https://youtube.com/watch?v=A58cV17avpM ("HUGE npm axios supply chain attack")