A supply chain attack compromises HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency and deploying a multi-stage payload (Socket)

Socket:
A supply chain attack compromises HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency and deploying a multi-stage payload  —  Socket Research Team … Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan …

from Techmeme https://ift.tt/Oyj97mW