HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dfreire

no profile record

comments

dfreire
·2 bulan yang lalu·discuss
Looks great!
dfreire
·3 bulan yang lalu·discuss
Very useful, thanks
dfreire
·3 bulan yang lalu·discuss
Absolutely. If you ever did a npm install on a project using one of the affected axios versions, your entire system may be compromised.

> The malicious versions inject a new dependency, [email protected], which is never imported anywhere in the axios source code. Its sole purpose is to execute a postinstall script that acts as a cross platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux. The dropper contacts a live command and control server and delivers platform specific second stage payloads. After execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection.

I strongly recommend you read the entire article.
dfreire
·4 tahun yang lalu·discuss
Same