
Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs has identified a significant supply chain compromise affecting the axios npm package, which sees roughly 100 million weekly downloads. After hijacking a maintainer's account, the attackers published backdoored versions (1.14.1 and 0.30.4) whose install pulls in a malicious postinstall hook. That hook starts a multi-stage infection chain that delivers a platform-specific Remote Access Trojan (RAT) to Windows, macOS, and Linux hosts. The investigation found that although the stage-2 implants are written in different languages (PowerShell for Windows, C++ for macOS, and Python for Linux), they share an identical C2 protocol, command set, and beacon cadence, which is what lets one set of detections cover all three. The campaign also uses anti-forensic techniques, including self-deletion and manifest swapping, to hide the malicious activity. Attribution points to the DPRK-linked threat cluster UNC1069, and the tooling overlaps significantly with the WAVESHAPER backdoor.
Continue reading on Dev.to JavaScript


