{"id":29200,"date":"2026-03-31T16:22:17","date_gmt":"2026-03-31T16:22:17","guid":{"rendered":"https:\/\/microvibenews.com\/?p=29200"},"modified":"2026-03-31T16:22:17","modified_gmt":"2026-03-31T16:22:17","slug":"hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware","status":"publish","type":"post","link":"https:\/\/microvibenews.com\/?p=29200","title":{"rendered":"Hacker hijacks Axios open-source project, used by millions, to push malware"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A hacker has hijacked and modified a popular open-source software development tool to deliver malware that could put millions of developers at risk of being compromised.<\/p>\n<p class=\"wp-block-paragraph\">On Monday, a hacker pushed malicious versions of the widely used JavaScript library called Axios, which developers rely on to allow their software to connect to the internet. The affected library was <a rel=\"nofollow\" href=\"https:\/\/www.npmjs.com\/package\/axios\">hosted on npm<\/a>, a software repository that stores code for open-source projects. Axios is downloaded <a rel=\"nofollow\" href=\"https:\/\/security.snyk.io\/package\/npm\/axios#:~:text=WEEKLY%20DOWNLOADS%20(100.3M)\">tens of millions of times<\/a> every week.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The hijack was spotted and stopped in around three hours overnight on Monday into Tuesday, according to security firm StepSecurity, <a rel=\"nofollow\" href=\"https:\/\/www.stepsecurity.io\/blog\/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan#:~:text=had%20been%20live%20for%20approximately%202%20hours%2053%20minutes\">which analyzed the attack<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Hackers are increasingly targeting developers of popular open-source projects in an effort to mass-hack anyone who relies on the compromised code, potentially granting the hackers access to vast numbers of affected devices. 
These kinds of widespread breaches are called <a href=\"http:\/\/techcrunch.com\/2022\/11\/29\/software-supply-chain-security-is-broader-than-solarwinds-and-log4j\/\">supply chain attacks<\/a> because they target software that allows hackers to then hack whoever downloaded the compromised software. In recent years, hackers have targeted companies like <a href=\"https:\/\/techcrunch.com\/2023\/03\/30\/theres-a-new-supply-chain-attack-targeting-customers-of-a-phone-system-with-12-million-users\/\">3CX<\/a>, <a href=\"https:\/\/techcrunch.com\/2021\/07\/05\/kaseya-hack-flood-ransomware\/\">Kaseya<\/a>, and <a href=\"https:\/\/techcrunch.com\/2020\/12\/21\/after-the-fireeye-and-solarwinds-breaches-whats-your-failsafe\/\">SolarWinds<\/a>, as well as open source tools such as <a href=\"https:\/\/techcrunch.com\/2021\/12\/10\/apple-icloud-twitter-and-minecraft-vulnerable-to-ubiquitous-zero-day-exploit\/\">Log4j<\/a> and <a href=\"http:\/\/techcrunch.com\/2024\/10\/22\/researchers-link-polyfill-supply-chain-attack-to-huge-network-of-copycat-gambling-sites\/\">Polyfill.io<\/a>, to target large numbers of their users.<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s unclear at this point how many people downloaded the malicious version of Axios during that timespan. Security company Aikido, which <a rel=\"nofollow\" href=\"https:\/\/www.aikido.dev\/blog\/axios-npm-compromised-maintainer-hijacked-rat\">also investigated the incident<\/a>, said anyone who downloaded the code \u201cshould assume their system is compromised.\u201d<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\">Contact Us<\/h4>\n<p>\t\t\tDo you have more information about this hack? Or other supply chain attacks? 
From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or <a href=\"mailto:lorenzo@techcrunch.com\">by email<\/a>. \t\t<\/div>\n<p class=\"wp-block-paragraph\">The hacker was able to slip malicious code inside Axios by compromising the account of one of the project\u2019s primary developers, who was authorized to push out updates. The hacker replaced the legitimate developer\u2019s email address on the account with their own, making it more difficult for the developer to regain access.<\/p>\n<p class=\"wp-block-paragraph\">Once in control of the account, the hacker inserted malicious code designed to deliver a remote access trojan, or RAT \u2014 essentially malware that can give hackers full, remote control of a victim\u2019s computer. 
The hacker then pushed out new versions of Axios in a legitimate-looking update for Windows, macOS, and Linux users.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The hackers also designed the malware, as well as some of the code used to deliver it, to automatically delete itself after installation in an attempt to hide from anti-malware engines and investigators, according to security researchers.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2026\/03\/31\/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A hacker has hijacked and modi&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":29201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[249],"tags":[16801,4437,1662,3210,1665,1666,6112,16802],"_links":{"self":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/29200"}],"collection":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=29200"}],"version-history":[{"count":0,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/29200\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/media\/29201"}],"wp:attachment":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=29200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=29200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=29200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}