A supply chain attack compromises HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency and deploying a multi-stage payload
Socket Research Team … Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan...