Axios NPM Supply Chain Attack

Dennis and Lindsey dig into what we know do far about the supply chain attack on the axios NPM package, including how the attacker gained access to the maintainer's account, the window of exposure for the malicious packages, the behavior of the RAT that's installed on victims' machines, and what the downstream effects may be.

Links

Huntress post: https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package

Socket analysis: https://socket.dev/blog/axios-npm-package-compromised