Axios_summary

Unit 42 observed a significant supply-chain attack on the Axios JavaScript library after an npm maintainer account was hijacked, leading to malicious releases (v1.14.1 and v0.30.4) that added a hidden dependency, plain-crypto-js. That dependency is a cross-platform RAT targeting Windows, macOS and Linux for reconnaissance, persistence and evasion; analysis links the malware to DPRK-associated activity and the campaign impacted multiple sectors across the U.S., Europe, Middle East, South Asia and Australia.