Hackers compromise popular Axios JavaScript library with hidden malware - SiliconANGLE

"This was not opportunistic. It was precision," Step Security co-founder and Chief Technology Officer Ashish Kurmi said. "The malicious dependency was staged 18 hours in advance. Three payloads were prebuilt for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct."

"There are zero lines of malicious code inside Axios itself, and that's exactly what makes this attack so dangerous," Kurmi added. "Instead of being the malicious payload, Axios becomes an installer that deletes itself. On MacOS it camouflages itself as a system daemon; on Windows, part of PowerShell; and on Linux it uses a Python script backdoor."

The Axios HTTP client library was compromised to distribute malware through a hijacked npm account. Attackers exploited this account to install a remote access trojan (RAT) affecting Windows, macOS, and Linux. The attack was meticulously planned, with malicious dependencies staged in advance. Axios, a widely used library with nearly 300 million downloads weekly, was manipulated to act as an installer for the malware, which self-destructed after execution. The attack was particularly dangerous due to the absence of malicious code within Axios itself.
Read at SiliconANGLE