axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity
2mon 17d ago by reddthat.com/u/limerod in techsploits@reddthat.com from www.stepsecurity.io.png)
Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.
If you were compromised follow the recovery steps mentioned in the article to reduce the damage.
Here's the hacker news discussion: https://news.ycombinator.com/item?id=47582220