Mux is the best video API for developers. Get $50 in free credits - https://mux.com/fireship

Yesterday, a precision-guided remote access trojan was discovered in Axios, a JavaScript library with over 100 million downloads on npm. But this wasn't your average RAT - let's take a look at how this highly sophisticated attack was pulled off and what to do if you're compromised.

#coding #programming #hack 

ℹ️ More Info:
- https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

🔖 Topics Covered
- What is Axios
- Axios RAT attack
- What to do if you're compromised

Want more Fireship?

🗞️ Newsletter: https://bytes.dev
🧠 Courses: https://fireship.dev

Fireship is a YouTube channel created by Jeff Delaney that offers quick tutorials and explanations on web development, programming, and tech trends. Known for the “100 Seconds of Code” and “The Code Report” series, the channel breaks down complex topics in a short, engaging format, covering everything from JavaScript frameworks to emerging technologies.

Fireship

Two malicious versions of Axios were published to the npm registry containing a sophisticated supply chain attack. The attacker compromised the project maintainer's npm account and injected a rogue dependency (plain-crypto-js) that runs a post-install script to download a Remote Access Trojan (RAT) from a command-and-control server. The RAT steals credentials (AWS keys, API tokens, etc.), then deletes itself to avoid detection. Developers are advised to check their package.json for the affected versions, inspect node_modules for plain-crypto-js, run detection commands for their OS, and immediately rotate all API keys if compromised.

Millions of JS devs just got penetrated by a RAT…