Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Posted inTechnology

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

No Comments


The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios

Source link

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *