Recently, the NPM package axios was targeted by malicious updates in a breach in which attackers gained access to the maintainer’s computer and credentials. Details of the attack have now been published, revealing a social engineering tactic similar to ones previously used against developers of cryptocurrency wallets and AI platforms.
The attacker, posing as the founder of a prominent company, approached the maintainer with an offer of a joint project. The maintainer was first invited to a seemingly authentic Slack workspace whose channels featured LinkedIn messages and fabricated profiles of company employees and representatives of other projects.
During a scheduled group discussion on the MS Teams platform, technical issues arose, and the maintainer was prompted to install a supposedly required component. The component turned out to be a Trojan that gave the attackers remote access. The entire setup appeared professional and credible, which underlines the sophistication of the attack.