Ricard Torres πŸ‘¨β€πŸ’»

"axios Compromised on npm - Malicious Versions Drop Remote Access Trojan"

πŸ”— https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

Mar 31 at 9:21pmWeb
Show threadRicard Torres πŸ‘¨β€πŸ’»6d ago

In case you prefer video instead of text on the #Axios attack

https://www.youtube.com/watch?v=o7NYXvYohYk

Millions of JS devs just got penetrated by a RAT…

YouTube