Summary
A supply chain attack on the Axios npm package introduced a malicious dependency, plain-crypto-js@4.2.1, which functions as an obfuscated dropper to execute shell commands and stage payloads.
Take Action:
If you use Axios in your projects, immediately check your dependency trees and lockfiles for axios@1.14.1, axios@0.30.4, or plain-crypto-js@4.2.1. If any are found, roll back to a known safe version. Rebuild any releases deployed between March 30th and 31st. If any builds occurred on March 30th or 31st, audit them in depth and rotate all secrets and credentials on any system where these versions were present, as the malware was designed to execute commands and steal data from compromised hosts.
This article was originally published on BeyondMachines