The Axios team published a postmortem on a recent supply chain attack that injected malware into a release. The attack involved a highly targeted social engineering campaign against a maintainer: attackers cloned a real company's identity, created a convincing Slack workspace, scheduled a Microsoft Teams meeting, and tricked the maintainer into installing a Remote Access Trojan (RAT) disguised as a required software update. The RAT stole credentials used to publish the malicious package. The incident highlights how sophisticated and personalized these attacks have become, and serves as a warning for all open source maintainers.