Sources
Axios npm Package Compromised: Supply Chain Attack Deploys Cross-Platform RAT on 83M Weekly Downloads
The Axios npm package (83M weekly downloads) was compromised on March 31 via hijacked maintainer credentials ('jasonsaayman'), with versions 1.14.1 and 0.30.4 injecting a 'plain-crypto-js' trojan dropper targeting macOS, Windows, and Linux. StepSecurity discovered the breach; the attacker pre-staged the malicious dependency, double-obfuscated the dropper, built platform-specific RATs with anti-forensic self-deletion, and contacted C2 at sfrclak.com:8000. Malicious versions removed within 3 hours but any project that ran npm install during that window needs credential rotation and artifact forensics immediately.
↳ Follow the thread