Details of axios NPM package maintainer credential hijacking revealed

The maintainer of the axios NPM package, for which malicious updates were recently released, disclosed details of an attack that allowed attackers to gain access to his computer and all his credentials. The attack was carried out using a standard social engineering method previously used to compromise the developers of crypto wallets and AI platforms.

The attacker posed as the founder of a well-known company and proposed a joint project. Initially, the supporter was invited to a Slack workspace that appeared realistic, contained channels with LinkedIn messages, and featured fake profiles of company employees and representatives of other public projects.

Some time later, a group discussion was scheduled, organized using the MS Teams platform. During the meeting, technical difficulties arose, blamed on the lack of a necessary add-on on the maintainer's side. The maintainer installed the missing component, which turned out to be a Trojan horse, granting the attackers remote access to the system. The entire incident was professionally staged and appeared plausible.

Source: opennet.ru

Buy reliable hosting for sites with DDoS protection, VPS VDS servers πŸ”₯ Buy reliable website hosting with DDoS protection, VPS VDS servers | ProHoster