"The attackers posed as representatives of a legitimate-seeming technology company, creating a convincing Slack workspace complete with fabricated employee profiles, company branding, and professional onboarding materials."
"Once they had remote access to the maintainer's development machine, the hackers published compromised Axios versions (reported as 1.7.8 and 1.7.9) to npm."
"The malicious packages contained obfuscated code designed to exfiltrate environment variables, authentication tokens, and stored credentials from any system that installed or updated to the affected versions."
In April 2025, North Korean hackers compromised the Axios HTTP library by socially engineering its maintainer. They created a fake technology company and engaged the maintainer in discussions about sponsorship. After building rapport, they invited him to a video meeting through which malware was installed on his machine. With that foothold, the attackers published malicious versions of Axios to npm containing code that exfiltrated sensitive data. The compromised versions were available for about 72 hours before being removed, potentially exposing credentials and private keys across the many applications that depend on Axios.
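The practical question for anyone downstream of an incident like this is whether a lockfile in their repositories pins one of the affected releases, including transitive copies nested under another dependency. The following scanner is an added example written for this summary; it is not code from the article, from Silicon Canals, or from the Axios project. It assumes the two lockfile shapes npm actually writes (the `packages` map of lockfileVersion 2/3 and the nested `dependencies` tree of lockfileVersion 1), takes the affected version list from what the article reports, and uses a constructed sample lockfile so it runs offline.

```javascript
// Added example (not from the article or the Axios project): find pinned
// versions of a package that appear on a known-compromised list, anywhere
// in an npm package-lock.json, including nested (transitive) copies.
//
// The affected versions are the ones the article reports (1.7.8 and 1.7.9);
// keep this table in sync with the advisory you actually trust.
const AFFECTED = {
  axios: new Set(['1.7.8', '1.7.9']),
};

function isAffected(name, version) {
  const bad = AFFECTED[name];
  return Boolean(bad && version && bad.has(version));
}

// lockfileVersion 2/3: a flat "packages" map whose keys are install paths
// such as "node_modules/axios" or "node_modules/foo/node_modules/axios".
// The package name is whatever follows the last "node_modules/" segment,
// which also handles scoped names like "@scope/pkg".
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === '') continue; // root project entry, not a dependency
    const idx = path.lastIndexOf('node_modules/');
    const name = idx === -1 ? (meta.name || path) : path.slice(idx + 'node_modules/'.length);
    if (isAffected(name, meta.version)) {
      hits.push({ name, version: meta.version, path });
    }
  }
  return hits;
}

// lockfileVersion 1: a recursive "dependencies" tree where each entry may
// carry its own nested "dependencies" object.
function scanDependencyTree(deps, parentPath, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${parentPath}node_modules/${name}`;
    if (isAffected(name, meta.version)) {
      hits.push({ name, version: meta.version, path });
    }
    scanDependencyTree(meta.dependencies, `${path}/`, hits);
  }
  return hits;
}

function scanLockfile(lock) {
  if (lock.packages) return scanPackagesMap(lock.packages);
  return scanDependencyTree(lock.dependencies, '', []);
}

// Convenience wrapper for a real file on disk (hypothetical usage helper).
function scanLockfileFile(filePath) {
  const fs = require('fs');
  return scanLockfile(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}

// Constructed sample (v3 shape): the top-level axios is clean, but a
// transitive copy under "some-sdk" is pinned to an affected release.
const SAMPLE_LOCK_V3 = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.7.7' } },
    'node_modules/axios': { version: '1.7.7' },
    'node_modules/some-sdk': { version: '2.0.0', dependencies: { axios: '1.7.9' } },
    'node_modules/some-sdk/node_modules/axios': { version: '1.7.9' },
  },
};

// Constructed sample (v1 shape): affected version at the top level only.
const SAMPLE_LOCK_V1 = {
  name: 'example-app',
  lockfileVersion: 1,
  dependencies: {
    axios: { version: '1.7.8' },
    'some-sdk': { version: '2.0.0', dependencies: { axios: { version: '1.7.7' } } },
  },
};

// Stand-alone run: report findings for the constructed v3 sample.
for (const hit of scanLockfile(SAMPLE_LOCK_V3)) {
  console.log(`AFFECTED ${hit.name}@${hit.version} at ${hit.path}`);
}
```

Point `scanLockfileFile` at each repository's `package-lock.json` in CI and fail the build on any hit; the path in each finding tells you which dependency pulled the affected copy in, which is what you need when the top-level pin looks clean but a nested copy does not. The same walk applies to any future package-and-version list, since only the `AFFECTED` table is specific to this incident.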
Read at Silicon Canals