North Korean hackers have launched a sophisticated supply chain attack targeting U.S. cryptocurrency firms through a compromised Axios software package, according to security researchers. The attackers controlled the npm account of the Axios developer for three hours on Tuesday morning, pushing malicious updates to organizations that downloaded the widely used HTTP client library.
The attack inserted the malware as a new dependency called 'plain-crypto-js' rather than modifying Axios directly, which helped it slip past security checks. Once installed, the package deployed cross-platform remote access trojans (RATs) for Windows, macOS, and Linux, giving the attackers direct access to steal credentials and drop additional malware such as keyloggers.
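Because the payload arrived as a new transitive dependency rather than as a change to Axios itself, a useful defender check is to diff the dependency set that a package pulls in between two lockfile snapshots and flag anything new, especially packages that declare install scripts. The script below is an added example, not code from the article or the Axios project; the two package-lock.json snapshots are constructed, and the install-script flag on the sample package is an assumption for illustration, not a claim about the real 'plain-crypto-js'.

```python
"""Flag transitive dependencies newly introduced under a package between two
package-lock.json (lockfileVersion 3) snapshots.  Example code, not from the
article; the sample lockfiles are constructed, not real Axios metadata."""
import json

# Constructed baseline lockfile: what axios pulled in before the update.
BASELINE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.7.0"}},
        "node_modules/axios": {"version": "1.7.0", "dependencies": {
            "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0"}},
        "node_modules/follow-redirects": {"version": "1.15.6"},
        "node_modules/form-data": {"version": "4.0.0"},
        "node_modules/proxy-from-env": {"version": "1.1.0"},
    },
})

# Constructed candidate lockfile after an update: the new axios release adds one extra
# package.  hasInstallScript is an assumption made for this example only.
CANDIDATE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.7.0"}},
        "node_modules/axios": {"version": "1.7.1", "dependencies": {
            "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0",
            "plain-crypto-js": "^1.0.0"}},
        "node_modules/follow-redirects": {"version": "1.15.6"},
        "node_modules/form-data": {"version": "4.0.0"},
        "node_modules/proxy-from-env": {"version": "1.1.0"},
        "node_modules/plain-crypto-js": {"version": "1.0.0", "hasInstallScript": True},
    },
})

def transitive_deps(lock, root):
    """Return {name: version} for every package reachable from `root` via the
    lockfile's dependency edges (hoisted layout only: node_modules/<name>)."""
    packages = json.loads(lock)["packages"]
    seen, stack = {}, [root]
    while stack:
        name = stack.pop()
        entry = packages.get(f"node_modules/{name}")
        if name in seen or entry is None:
            continue
        seen[name] = entry.get("version")
        stack.extend(entry.get("dependencies", {}))   # dict keys are dependency names
    return seen

def new_transitive_deps(baseline_lock, candidate_lock, root):
    """Packages under `root` present in candidate but absent from baseline, with a
    flag for install scripts (lifecycle hooks that run during `npm install`)."""
    before, after = transitive_deps(baseline_lock, root), transitive_deps(candidate_lock, root)
    packages = json.loads(candidate_lock)["packages"]
    return {name: {"version": after[name],
                   "install_script": bool(packages[f"node_modules/{name}"].get("hasInstallScript"))}
            for name in after if name not in before}

if __name__ == "__main__":
    for name, info in new_transitive_deps(BASELINE_LOCK, CANDIDATE_LOCK, "axios").items():
        print(f"NEW dependency under axios: {name}@{info['version']} install_script={info['install_script']}")
```

Run this against the committed lockfile and the one produced by a proposed update in CI, and gate the merge on a review of anything it reports.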
Axios is extensively used by cryptocurrency firms, blockchain developers, and fintech companies, making this a targeted attack on the crypto ecosystem. Security experts believe this is part of a 'long-term campaign' by North Korean hackers to steal cryptocurrency for funding nuclear and missile programs. Google Threat Intelligence Group attributed the attack to financially motivated North Korea-nexus actors, warning of potential software supply chain attacks, ransomware events, and cryptocurrency theft in the near term.
