Axios library compromised: malware distributed to millions of systems


A cyberattack on the popular JavaScript library Axios has put developers and companies worldwide at risk.

Threat actors gained access to the main administrator’s account on npm, the registry from which these libraries are downloaded, and uploaded fake versions of the package that included RAT (remote access trojan) malware capable of remotely controlling devices.

The compromised versions are axios@1.14.1 and axios@0.30.4. Upon installation, a script was automatically executed that downloaded malware compatible with Windows, macOS, and Linux, without the user noticing. With this installed, cybercriminals can perform countless malicious activities on the compromised devices.

Additionally, the malware was designed to self-destruct after infection, making detection difficult. For greater ‘camouflage,’ it replaces files with clean versions.

Attacking the source

This type of threat, known as a ‘supply chain attack,’ does not target users directly but rather the tools that millions of developers use every day.

In the case of Axios, this is especially concerning, as the library is downloaded more than 100 million times per week, rapidly multiplying the reach of the incursion.

Although the attack was active for less than three hours, that was enough for several projects to be compromised, including automated development pipelines and enterprise environments. Experts recommend that those who have installed these versions avoid using them, review their systems, and strengthen the security of their npm accounts.

——————————————————-


National Cyber Security