Google Threat Intelligence Group (GTIG) has reported a supply chain attack targeting the popular JavaScript package manager, axios. Between 00:21 and 03:20 UTC on March 31, 2026, attackers infiltrated axios NPM versions 1.14.1 and 0.30.4 by introducing a malicious dependency named "plain-crypto-js." This dependency executed an obfuscated script, "setup.js," via the postinstall hook. The script deployed a backdoor known as WAVESHAPER.V2, which is capable of information gathering, command execution, and file traversal. The backdoor communicates with command-and-control servers at sfrclak.
#crypto #blockchain #news
Blockchain Report
npub1cg…nmysr
2026-04-01 12:09:09 UTC
Author Public Key
npub1cg2ejqexhx88llcve0yxts2exv5q9k0a88l69q0vp7y5n0f2xyfscnmysrSeen on
wss://relay.nostr.netPublished at
2026-04-01 12:09:09 UTCEvent JSON
{
"id": "854b27624b4ba5eb282ccfcd0f3b09761b634770a7c24567f528606af7a15165",
"pubkey": "c215990326b98e7fff0ccbc865c159332802d9fd39ffa281ec0f8949bd2a3113",
"created_at": 1775045349,
"kind": 1,
"tags": [],
"content": "Google Threat Intelligence Group (GTIG) has reported a supply chain attack targeting the popular JavaScript package manager, axios. Between 00:21 and 03:20 UTC on March 31, 2026, attackers infiltrated axios NPM versions 1.14.1 and 0.30.4 by introducing a malicious dependency named \"plain-crypto-js.\" This dependency executed an obfuscated script, \"setup.js,\" via the postinstall hook. The script deployed a backdoor known as WAVESHAPER.V2, which is capable of information gathering, command execution, and file traversal. The backdoor communicates with command-and-control servers at sfrclak.\n\n#crypto #blockchain #news ",
"sig": "4f0bb8d1a4c18fb9be2497d518d2f41bd804819ea8a7a271b51a148d2a2e35a8ea4849f8f142131c9861f36ffa7c11703a73a7e7729f1a8bf998485a81294bab"
}