Axios supply chain attack victim posts postmortem to prevent a repeat
Briefly

"The social engineering campaign was elaborate. Attackers cloned the identity of a real company founder, set up a convincingly branded Slack workspace complete with fake team profiles, and scheduled a Microsoft Teams meeting."
"Despite 2FA being active, once the RAT was on his machine, attackers had full control over everything on it, bypassing all software-based authentication measures entirely."
"Both malicious versions injected a fake dependency, namely plain-crypto-js@4.2.1, that ran a post-install script delivering the RAT."
Axios, a widely used JavaScript HTTP library, was compromised for about three hours, during which the published packages distributed a Remote Access Trojan (RAT). The attack was attributed to the North Korean group UNC1069, known for targeting cryptocurrency companies. The attackers ran an elaborate social engineering campaign: they cloned the identity of a real company founder, built a convincingly branded Slack workspace with fake team profiles, and scheduled a Microsoft Teams meeting during which the lead maintainer was tricked into installing the RAT. Two-factor authentication on the maintainer's accounts did not help; with the RAT running on his machine, the attackers controlled it outright and bypassed every software-based authentication measure. Both malicious versions injected a fake dependency, plain-crypto-js@4.2.1, whose post-install script delivered the RAT.
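The practical check that follows from this incident is to look at what a lockfile will actually run at install time. The script below is an added example, not code from the Techzine article or from the axios project: it audits a package-lock.json (lockfileVersion 2 or 3) for the one indicator the report gives, plain-crypto-js@4.2.1, for any package that depends on it, and for every package npm marks with `hasInstallScript`, which is the set of packages that get code execution during `npm install`. The lockfile it runs against is constructed for the example; the axios and esbuild versions in it are placeholders, not the actual affected or current releases.

```javascript
// Added example: audit an npm lockfile for the indicator reported above and
// for install-time script execution. Not the article's or the project's code.

// Indicator taken from the report: the injected dependency plain-crypto-js@4.2.1.
// A Map (not a plain object) so that package names like "constructor" cannot
// collide with Object.prototype properties.
const KNOWN_BAD = new Map([["plain-crypto-js", new Set(["4.2.1"])]]);

// Constructed sample lockfile. "0.0.0-sample" versions are placeholders; the
// plain-crypto-js entry mirrors the reported indicator.
const SAMPLE_LOCKFILE = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "*" } },
    "node_modules/axios": {
      version: "0.0.0-sample",
      dependencies: { "plain-crypto-js": "4.2.1" },
    },
    "node_modules/axios/node_modules/plain-crypto-js": {
      version: "4.2.1",
      hasInstallScript: true, // npm sets this when the package declares (pre|post)install
    },
    "node_modules/esbuild": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/@scope/left-pad": { version: "1.0.0" },
  },
};

// Package name from a lockfile path such as "node_modules/a/node_modules/@s/b".
function packageName(path, meta) {
  if (meta.name) return meta.name;
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Returns a list of findings, each { kind, name, version, path[, dependsOn] }.
//   known-bad        : the package itself is a listed indicator
//   pulls-known-bad  : the package declares a listed indicator as a dependency
//   install-script   : the package runs a script during install
function auditLockfile(lock, knownBad = KNOWN_BAD) {
  if (!lock.packages) {
    throw new Error(
      "lockfileVersion 2 or 3 required (no 'packages' map; v1 lockfiles use 'dependencies')"
    );
  }
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not an installed package
    const name = packageName(path, meta);
    const version = meta.version;
    if (knownBad.get(name)?.has(version)) {
      findings.push({ kind: "known-bad", name, version, path });
    }
    for (const dep of Object.keys(meta.dependencies || {})) {
      if (knownBad.has(dep)) {
        findings.push({ kind: "pulls-known-bad", name, version, path, dependsOn: dep });
      }
    }
    if (meta.hasInstallScript === true) {
      findings.push({ kind: "install-script", name, version, path });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCKFILE), null, 2));
```

To run it against a real project, replace `SAMPLE_LOCKFILE` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`. An `install-script` finding is not proof of compromise, since many native packages legitimately build on install, but it is the exact list of packages that would have been able to drop a payload the way plain-crypto-js did; `npm ci --ignore-scripts` (or `ignore-scripts=true` in .npmrc) blocks all of them, after which the few that genuinely need a build step can be run deliberately.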
Read at Techzine Global