Particle.news

Google Ties Axios Open-Source Update Hack to North Korea-Linked UNC1069

The tainted release threatens broad credential theft across downstream systems.

Overview

  • Attackers slipped malicious code into an update for Axios, a widely used open-source JavaScript HTTP client library that applications pull in as a dependency, so that anyone installing the tainted version received credential-stealing code through a trusted path before the package was removed.
  • Google and independent researchers attributed the operation to UNC1069, a group linked to North Korea that has a record of going after cryptocurrency and financial targets.
  • Elastic Security reported malware variants for macOS, Windows, and Linux and warned the delivery path could touch millions of environments, though the number of actual infections is not yet known.
  • A maintainer’s account was briefly taken over to push the tainted release, and Huntress said it has so far found about 135 compromised devices at roughly 12 companies, describing that as an early snapshot rather than a full count.
  • Experts say any stolen credentials could let the attackers pivot into crypto theft and other intrusions, aligning with U.S. assessments that North Korea funds weapons programs with money from past digital heists.
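The first question a team asks after a tainted dependency release like the one described above is whether they pull that package at all, at which versions, and from where. Because a package can be resolved more than once in one dependency tree (nested under other libraries), a top-level glance at `npm ls` is not enough. The following lockfile audit is an added example for this page, not code from Axios, Google, Elastic, or Huntress; the lockfile it parses is constructed, and the version numbers and the `KNOWN_GOOD` allowlist are hypothetical placeholders, not the actual affected or safe versions, which this page does not state.

```python
"""Audit an npm package-lock.json for every resolved copy of a named dependency.

Added example for this article, not the project's own code.  SAMPLE_LOCK is a
constructed lockfile and every version string below is a hypothetical placeholder.
"""
import json

# Hypothetical allowlist: the versions your team has reviewed and pinned.
# Replace with the versions named in the actual advisory.
KNOWN_GOOD = {"1.7.0"}

# Constructed package-lock.json (lockfileVersion 3 shape).  axios appears twice:
# once at top level and once nested under another dependency ("some-sdk").
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"axios": "^1.7.0", "some-sdk": "2.0.0"}},
        "node_modules/axios": {
            "version": "1.7.0",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.0.tgz",
            "integrity": "sha512-PLACEHOLDER-A",
        },
        "node_modules/some-sdk": {"version": "2.0.0",
                                  "dependencies": {"axios": "1.7.9"}},
        "node_modules/some-sdk/node_modules/axios": {
            "version": "1.7.9",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz",
            "integrity": "sha512-PLACEHOLDER-B",
        },
    },
})


def find_package(lock: dict, name: str) -> list[dict]:
    """Return every resolved copy of `name`, for lockfile v2/v3 (flat map) or v1 (nested)."""
    found = []

    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if path == f"node_modules/{name}" or path.endswith(f"/node_modules/{name}"):
            found.append({"path": path, "version": meta.get("version"),
                          "resolved": meta.get("resolved"),
                          "integrity": meta.get("integrity")})

    # lockfileVersion 1: nested "dependencies" tree.  v2 lockfiles also carry a
    # legacy "dependencies" section, so only walk it when "packages" is absent.
    def walk(deps: dict, prefix: str) -> None:
        for dep_name, meta in deps.items():
            path = f"{prefix}node_modules/{dep_name}"
            if dep_name == name:
                found.append({"path": path, "version": meta.get("version"),
                              "resolved": meta.get("resolved"),
                              "integrity": meta.get("integrity")})
            walk(meta.get("dependencies", {}), path + "/")

    if "packages" not in lock:
        walk(lock.get("dependencies", {}), "")
    return found


def audit(lock_text: str, name: str, known_good: set[str]) -> list[dict]:
    """Return the copies of `name` whose version is not on the reviewed allowlist."""
    lock = json.loads(lock_text)
    return [c for c in find_package(lock, name) if c["version"] not in known_good]


if __name__ == "__main__":
    # Usage against a real tree: audit(open("package-lock.json").read(), "axios", KNOWN_GOOD)
    for hit in audit(SAMPLE_LOCK, "axios", KNOWN_GOOD):
        print(f"REVIEW {hit['path']} version={hit['version']} "
              f"resolved={hit['resolved']} integrity={hit['integrity']}")
```

Run it against each repository's committed lockfile rather than against `node_modules`, since the lockfile records the `resolved` URL and `integrity` hash actually installed; a copy whose version is off the allowlist, or whose integrity differs from the published tarball's, is the one to pull and inspect.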