A suspected North Korean hacker hijacked the popular JavaScript library Axios, injecting malware that could put millions of developers at risk. Axios, which developers rely on to connect software to the internet, is downloaded tens of millions of times weekly and is hosted on npm, a major software repository.
The attack was detected and halted within three hours, according to security firm StepSecurity. The hacker compromised a primary developer’s account, replacing the account’s email address to gain control, then pushed malicious updates for Windows, macOS, and Linux. The malware included a remote access trojan capable of giving attackers full control of infected systems.
Security firm Aikido warned that anyone who downloaded Axios during the compromise should assume their systems are at risk. Google linked the attack to North Korean threat actor UNC1069, noting the country’s history of supply chain attacks aimed at stealing cryptocurrency.
The malware was designed to delete itself after installation, making detection difficult. The incident underscores the increasing threat to developers from supply chain attacks, which have previously targeted tools such as Log4j and Polyfill.io, and companies like 3CX, Kaseya, and SolarWinds.

