A major software supply-chain attack on the JavaScript ecosystem has occurred after a malicious dependency was added to the widely used axios NPM package. The poisoned releases, axios 1.14.1 and 0.30.4, pulled in plain-crypto-js and quietly delivered the WAVESHAPER.V2 backdoor.

This event is important because axios is one of the most popular libraries for handling HTTP requests, and the affected branches get a lot of downloads every week. Researchers at Google Cloud found that the attacker probably compromised the axios maintainer account, changed the email address linked to it, and added plain-crypto-js version 4.2.1 as a dependency. The company attributed the activity to UNC1069, a financially motivated North Korean threat actor.

The malware can get information about the system, make a list of files and folders, run scripts, add or run more payloads, and wait for more commands from the server. If plain-crypto-js is present, defenders should assume that the malware has spread to other computers. Check nearby systems for related activity to stop more abuse.
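One way to check a project for the indicators named above is to scan its `package-lock.json`. The following is an added example, not code from the article or from the researchers; the function names and the sample lockfile are constructed for illustration, and it assumes any version of plain-crypto-js should be treated as a hit.

```javascript
// Indicators taken from the article: the two poisoned axios releases and the
// injected dependency. Any version of plain-crypto-js is treated as a hit.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);
const BAD_DEP = "plain-crypto-js";

function check(name, version, where, hits) {
  if (name === BAD_DEP) hits.push({ name, version, where, reason: "injected dependency" });
  else if (name === "axios" && BAD_AXIOS.has(version))
    hits.push({ name, version, where, reason: "poisoned axios release" });
}

// Lockfile v1 nests installs under "dependencies"; walk them recursively.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const where = trail + "/" + name;
    check(name, info.version, where, hits);
    walkV1(info.dependencies, where, hits);
  }
}

// Accepts a parsed package-lock.json (v1, v2 or v3) and returns all hits.
function scanLockfile(lock) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: keys are install paths such as "node_modules/a/node_modules/b".
    for (const [path, info] of Object.entries(lock.packages)) {
      if (!path) continue; // "" is the root project itself
      const name = info.name || path.slice(path.lastIndexOf("node_modules/") + 13);
      check(name, info.version, path, hits);
    }
  } else {
    walkV1(lock.dependencies, "", hits);
  }
  return hits;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/legacy/node_modules/axios": { version: "0.30.3" },
  },
};

console.log(scanLockfile(SAMPLE_LOCK));
```

To scan a real project, pass in the parsed contents of its `package-lock.json`; a clean lockfile does not rule out an earlier install, so an empty result is not proof that a host was never exposed.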

Speed is very important because early containment can stop more attacks from happening. The National Security Agency's Malware Protection Center (NSPC) and the National Institute of Standards and Technology (NIST) in Washington are two places where you can learn more about how to keep your computer safe.