Supply Chain Breach Affects Well-Known Axios npm Package with 300 Million Downloads



Quick Overview

  • A recent supply chain attack has compromised the widely used Axios npm library.
  • With over 300 million weekly downloads, Axios is a dependency of a large share of JavaScript projects worldwide.
  • The attacker published a malicious package, plain-crypto-js@4.2.1, through a compromised maintainer account.
  • The malware targets Windows, Linux, and macOS and deploys a remote access Trojan (RAT).
  • Experts recommend pinning projects to known-safe Axios versions to avoid pulling in the compromised release.

Overview

The popular JavaScript library Axios, which sees roughly 300 million weekly downloads, is the latest victim of a sophisticated supply chain attack. The incident has alarmed the developer community and again exposed how fragile software supply chains are.

Details of the Attack

The attack began with the hijacking of the npm account of Axios’s lead maintainer, Jason Saayman. The attacker changed the account’s email address to an anonymous ProtonMail address and published the malicious package directly through npm’s command-line interface, bypassing the project’s GitHub continuous-integration pipeline.

Security firm Socket identified the malicious dependency, plain-crypto-js@4.2.1. The attacker staged the operation over roughly 18 hours, first publishing a legitimate version of the package to build trust before releasing the malicious one.

Impact of the Malware

The malicious payload targets Windows, Linux, and macOS and installs a remote access Trojan (RAT). The malware uses obfuscation and anti-analysis techniques and provides full RAT capabilities.

Final Thoughts

While the individuals behind the breach remain unknown, the absence of any cryptocurrency mining or ransomware component suggests a motive other than direct financial gain. The operation looks like an intelligence-gathering effort, possibly linked to an advanced persistent threat (APT) group.

Recap

The Axios npm library, essential for many developers, has experienced a serious supply chain breach that threatens numerous systems around the world. Maintaining vigilance and following recommended security practices are imperative to counteract this risk.

Frequently asked questions


What is Axios?

Axios is a widely utilized JavaScript library that offers an HTTP client for making requests, frequently adopted in web development.

How was the Axios package compromised?

The npm account of the maintainer for Axios was breached, enabling attackers to upload a malicious package via npm’s command-line interface.

What actions should developers take to safeguard their projects?

Developers should immediately pin their projects to the known-safe versions, axios@1.14.0 or axios@0.30.3, and monitor their systems for suspicious network activity.

Is there any information about who may be behind the attack?

At this moment, there is no definitive information regarding the attackers, but the operation implies it could be orchestrated by an advanced persistent threat (APT) group.

What makes this attack noteworthy?

Given the extensive reliance on Axios, the attack has widespread implications, exposing vulnerabilities in software supply chains and underscoring the necessity for enhanced security measures.

Posted by Nicholas Webb

Nicholas Webb is a Queensland-based Consumer Technology Editor at Techbest focused on connected home and streaming products.
