DigiNews

Tech Watch by Johan Denoyer

← Back to articles

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan

Quality: 8/10 Relevance: 9/10

Summary

Two malicious axios releases were published via hijacked maintainer accounts, injecting a fake dependency that triggers a cross-platform RAT via postinstall. The article provides IOCs, a detailed attack timeline, and practical remediation steps to secure npm packages, CI/CD pipelines, and network controls.

🚀 Service construit par Johan Denoyer