Attack on axios software developer tool threatens widespread compromises
Key Points:
- A hacker briefly compromised the npm account of the lead maintainer of Axios, a widely used JavaScript client library with around 100 million weekly downloads, and published malicious versions containing remote access trojans.
- The malicious Axios versions injected a fake dependency, plain-crypto-js@4.2.1, which acted as a loader for malware targeting macOS, Windows, and Linux; no malicious code was found in the Axios source itself.
- Approximately 600,000 downloads of the poisoned Axios versions occurred before the malicious packages were removed, raising concerns about widespread credential theft and potential further attacks on cloud and developer platforms.
- Cybersecurity firms characterized the incident as a highly impactful supply chain attack, with Google attributing it to a suspected North Korean hacking group known as UNC1069, experienced in cryptocurrency theft via supply chain compromises.
- Experts advise developers to pin Axios versions and audit lockfiles immediately, and warn against upgrading to versions that may be compromised while the risk from this attack persists.