Hacker Tries to Spread Malware to Millions by Hitting 'Axios NPM' Software
A hacker compromised a popular software package called Axios, which is downloaded over 100 million times per week, by introducing malicious code that can install malware on computers. The attack was quickly contained, but it may have affected numerous software developers, and the security community is warning of a potential 'supply chain attack'.
A hacker hijacked the account of Axios' lead developer and introduced two malicious software versions. The malicious code uses an instruction to pull from another software project, which can install malware on the computer. The threat is designed to deliver a remote access Trojan, allowing the hacker to access the computer and potentially steal data. The attack only circulated for about three hours before it was taken down. The security community is calling the incident a 'supply chain attack' because any software project that incorporated Axios could have been affected.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.