Researchers found a serious supply chain attack on Axios, a popular HTTP client for JavaScript that gets over 70 million downloads a week. A malicious dependency that installs remote access trojans was introduced into two updated versions of the package.

Microsoft Threat Intelligence attributes the campaign to Sapphire Sleet, a North Korean state-sponsored threat actor that uses AI and social engineering. Companies that have installed Axios versions 1.14.1 or 0.30.4 must take action right away to remediate. The breach used a technique known as dependency insertion, in which the injected dependency lets code run silently during installation. On macOS systems it drops a native binary called com.apple.act.mond into the cache directory and runs it in the background without the user's knowledge.

A PowerShell trojan is used in Windows environments.

This variant makes the malware persist by adding a registry Run key so that it starts every time a user logs in. Microsoft Defender has already deployed full protections on endpoints and cloud resources; it automatically detects and blocks these specific malicious components to prevent organizations from being further compromised.

Organizations should remove caret (^) or tilde (~) range prefixes from the version specifiers in their package.json files and pin exact versions, which stops automated dependency upgrades from pulling in unauthorized releases. Security teams should also run npm cache clean --force to clear local package caches and check network egress logs for any connections to the malicious infrastructure.
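As an added example (not code from the article or from the Axios project), the following Node.js script checks a project's package.json and package-lock.json for the two compromised Axios versions named above, lists floating caret/tilde specifiers, and rewrites them as exact pins taken from the lock file. The sample manifest and lock file are constructed, and the lockfile v2/v3 "packages" layout is assumed.

```javascript
// Added example (not the article's code): audit package.json + package-lock.json
// for the compromised Axios releases named above, and pin floating specs.
const COMPROMISED = new Map([['axios', new Set(['1.14.1', '0.30.4'])]]); // versions from the article
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // strict semver, no ^ ~ or range operators
const FIELDS = ['dependencies', 'devDependencies'];

// Any spec that is not an exact version ("^1.14.0", "~0.30.0", "latest", a URL)
// lets a fresh `npm install` resolve to a newer, possibly malicious, release.
const isFloating = (spec) => !EXACT.test(String(spec).trim());

// lockfile v2/v3 keys entries by install path, e.g. "node_modules/a/node_modules/axios".
const nameFromLockPath = (p) => p.slice(p.lastIndexOf('node_modules/') + 'node_modules/'.length);
const isBad = (name, version) => COMPROMISED.has(name) && COMPROMISED.get(name).has(version);

// Every installed copy, nested duplicates included, that matches a known-bad version.
function findCompromised(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.includes('node_modules/'))
    .map(([path, e]) => ({ path, name: nameFromLockPath(path), version: e.version }))
    .filter(({ name, version }) => isBad(name, version));
}

// Floating specs in package.json, with the version the lock file currently resolves them to.
function findFloatingSpecs(pkg, lock) {
  const out = [];
  for (const field of FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const locked = (lock.packages || {})['node_modules/' + name];
      if (isFloating(spec)) out.push({ field, name, spec, locked: locked && locked.version });
    }
  }
  return out;
}

// Copy of package.json with floating specs replaced by the locked exact version. A dependency
// whose locked version is known-bad is left as-is and listed in `review`, because pinning it
// would freeze the compromised release in place.
function pinToLock(pkg, lock) {
  const pinned = JSON.parse(JSON.stringify(pkg));
  const review = [];
  for (const { field, name, locked } of findFloatingSpecs(pkg, lock)) {
    if (!locked) continue;
    if (isBad(name, locked)) review.push(name);
    else pinned[field][name] = locked;
  }
  return { pinned, review };
}

// Constructed sample project, not a real manifest or lock file.
const samplePkg = { dependencies: { axios: '^1.14.0', express: '4.18.2' }, devDependencies: { jest: '~29.7.0' } };
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/axios': { version: '1.14.1' }, 'node_modules/express': { version: '4.18.2' },
  'node_modules/jest': { version: '29.7.0' }, 'node_modules/some-lib/node_modules/axios': { version: '1.13.0' },
} };
```

Running findCompromised on the sample reports the top-level axios 1.14.1 entry, and pinToLock pins jest but leaves axios for manual review rather than freezing the bad version.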