axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity
Public
Read
Description
To quote the article: "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package". A very scary hack, if you're a developer. (For non-developers: I would not like to guess how many websites will have axios in their JavaScript - these days, there's a fair chance the answer is "most".) In practical terms, it's nothing for non-devs to worry about directly - the attack is focused on the servers that hold the JavaScript, rather than the users of the websites - but indirectly, the number of computers that might have been compromised is terrifying.
Tags
User
Pinboard ID
d7a8a99e650b4727da1d66e08da330e7
Created
April 01, 2026 08:46 AM
Updated
April 08, 2026 11:30 PM