Security News

Cybersecurity news aggregator

CRITICAL | Attacks | John Hammond

HUGE supply chain attack

A supply chain attack compromised the Axios npm package via malicious versions 1.14.1 and 1.6.4, which injected a phantom dependency (`plain-crypto-JS`) to execute a postinstall script delivering a cross-platform remote access trojan. The malicious packages have been removed from the npm registry, but any environment that executed `npm install` and resolved to these versions during the approximately 3-hour exposure window is considered compromised. Organizations must audit their environments for these specific Axios versions and the `plain-crypto-JS@4.2.1` dependency.

Sources:
https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
https://socket.dev/blog/axios-npm-package-compromised
https://socket.dev/npm/package/plain-crypto-js/files/4.2.1/setup.js
https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat
https://gist.github.com/joe-desimone/36061dabd2bc2513705e0d083a9673e7
https://github.com/axios/axios/blob/v1.x/.github/workflows/deprecate.yml
