DigiNews

Tech Watch by Johan Denoyer


Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Quality: 9/10 Relevance: 9/10

Summary

The Socket Research Team reports a supply chain attack on Axios: compromised npm releases of the library pulled in a malicious dependency, plain-crypto-js 4.2.1. The package carries a multi-stage payload, including a remote access Trojan with platform-specific dropper logic for macOS, Windows, and Linux, and the write-up publishes indicators of compromise (IOCs) for hunting. The article stresses hardening release workflows, revoking tokens, and monitoring dependencies so that a similar compromise is caught before it ships.
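The practical first question after a report like this is whether the pulled version sits anywhere in your own dependency tree, including transitively. The script below is an added example for this page, not code from Socket or the Axios project: it scans an npm lockfile (both the `packages` shape of lockfileVersion 2/3 and the nested `dependencies` shape of lockfileVersion 1) for the one indicator the article names, plain-crypto-js 4.2.1, and reports which package declared it. The sample lockfile is constructed for the demo; the axios version string in it is a placeholder, not the affected release.

```javascript
"use strict";
// Added example (not code from Socket or Axios): scan an npm lockfile for
// dependency versions on a known-bad list and show who pulled them in.

// Indicator from the article: plain-crypto-js 4.2.1. Extend the map with
// whatever your own advisory feed lists.
const MALICIOUS_VERSIONS = {
  "plain-crypto-js": new Set(["4.2.1"]),
};

// Package name from a lockfile path, e.g. "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameFromPath(pkgPath) {
  const marker = "node_modules/";
  const idx = pkgPath.lastIndexOf(marker);
  return idx === -1 ? pkgPath : pkgPath.slice(idx + marker.length);
}

// Returns [{ path, name, version, resolved }] for every entry matching the IOC list.
// Handles lockfileVersion 2/3 ("packages") and lockfileVersion 1 ("dependencies").
function scanLockfile(lockJson, iocs = MALICIOUS_VERSIONS) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const findings = [];
  const record = (pkgPath, name, meta) => {
    if (iocs[name] && iocs[name].has(meta.version)) {
      findings.push({ path: pkgPath, name, version: meta.version, resolved: meta.resolved || null });
    }
  };

  if (lock.packages) {
    for (const [pkgPath, meta] of Object.entries(lock.packages)) {
      if (pkgPath === "") continue; // root project entry, not a dependency
      record(pkgPath, meta.name || nameFromPath(pkgPath), meta);
    }
  } else if (lock.dependencies) {
    // v1 lockfiles nest transitive deps under each package's "dependencies".
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const pkgPath = `${prefix}node_modules/${name}`;
        record(pkgPath, name, meta);
        if (meta.dependencies) walk(meta.dependencies, `${pkgPath}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}

// For a v2/v3 lockfile, list the packages that declare `name` as a dependency,
// i.e. the parents that dragged the bad version into the tree.
function requiredBy(lockJson, name) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const parents = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    for (const field of ["dependencies", "optionalDependencies", "peerDependencies"]) {
      if (meta[field] && Object.prototype.hasOwnProperty.call(meta[field], name)) {
        parents.push(pkgPath === "" ? "(root project)" : pkgPath);
        break;
      }
    }
  }
  return parents;
}

// Constructed sample lockfile (lockfileVersion 3). The axios version is a
// placeholder, not the affected release; only the plain-crypto-js entry
// mirrors the article's indicator.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "*" } },
    "node_modules/axios": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.npmjs.org/axios/-/axios-0.0.0-placeholder.tgz",
      dependencies: { "plain-crypto-js": "4.2.1" },
    },
    "node_modules/plain-crypto-js": {
      version: "4.2.1",
      resolved: "https://registry.npmjs.org/plain-crypto-js/-/plain-crypto-js-4.2.1.tgz",
    },
  },
});

// Demo run over the constructed lockfile; point scanLockfile at a real
// package-lock.json read from disk in practice.
for (const hit of scanLockfile(SAMPLE_LOCK)) {
  console.log(`MALICIOUS ${hit.name}@${hit.version} at ${hit.path}`);
  console.log(`  required by: ${requiredBy(SAMPLE_LOCK, hit.name).join(", ")}`);
}
```

Matching on the exact version rather than the package name alone keeps the check from flagging legitimate releases once the registry has been cleaned; the `resolved` field is included in each finding so the tarball URL can be compared against the article's IOCs as well.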

🚀 Service built by Johan Denoyer