Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Briefly

"Its sole purpose is to execute a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux," security researcher Ashish Kurmi said.
"This was not opportunistic. The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct."
Axios, a widely used HTTP client, was compromised in a supply chain attack: versions 1.14.1 and 0.30.4 were published with a malicious dependency, 'plain-crypto-js' version 4.2.1, which acted as a remote access trojan (RAT) dropper. The attackers used the npm credentials of the primary maintainer, which allowed them to bypass security measures. Users are advised to rotate credentials and downgrade to safe versions. The malicious versions have been removed from npm. The attack was meticulously planned, with self-destructing payloads.
Read at The Hacker News
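
To check a project against the versions named above, the following added example (not code from the article or from the axios project) scans a parsed `package-lock.json` for them. The function names, the sample lockfiles and the package names "demo-app" and "legacy-sdk" are assumptions made for illustration.

```javascript
// Added example: flag the package versions named in the article inside a
// parsed package-lock.json (v1 nested "dependencies", v2/v3 flat "packages").
const AFFECTED = new Map([
  ["axios", ["1.14.1", "0.30.4"]],
  ["plain-crypto-js", ["4.2.1"]],
]);
const isAffected = (name, version) => (AFFECTED.get(name) || []).includes(version);

function findAffected(lock) {
  const hits = [];
  const marker = "node_modules/";
  // v2/v3: keys look like "node_modules/a/node_modules/b"
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i < 0) continue; // root ("") or a workspace folder, not an installed package
    const name = meta.name || path.slice(i + marker.length); // meta.name: npm alias
    if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  // v1: walk the nested trees; skipped when "packages" exists, since v2 mirrors both
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (isAffected(name, meta.version))
        hits.push({ name, version: meta.version, path: here.join(" > ") });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; "demo-app" and "legacy-sdk" are hypothetical names.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/legacy-sdk/node_modules/axios": { version: "0.30.4" },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "legacy-sdk": { version: "2.0.0", dependencies: { axios: { version: "0.30.4" } } },
    axios: { version: "1.0.0" }, // constructed version, not one named in the article
  },
};
console.log(findAffected(SAMPLE_V3), findAffected(SAMPLE_V1));
```

A lockfile only records the currently resolved tree, so a clean result does not show that the postinstall script never ran on a machine that installed one of these versions earlier.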