Cisco Talos has identified a supply chain attack targeting the Axios npm package, affecting versions v1.14.1 and v0.30.4. The attack leverages a malicious dependency, plain-crypto-js, which executes automatically post-install to deliver platform-specific remote access trojans (RATs) to Linux, macOS, and Windows environments from actor-controlled infrastructure.
Impacted organizations are urged to roll back to secure versions (v1.14.0 or v0.30.3) and treat any credentials on affected systems as compromised. Security teams should investigate their environments for indicators of compromise, such as connections to the IP address 142.11.206.73 and specific file hashes associated with the malicious payloads.