Top npm package backdoored to drop dirty RAT on dev machines
www.theregister.com
Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios One of npm’s most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer’s account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what’s being described as “one of the most impactful npm supply chain attacks on record.”…