Web-code library with millions of weekly downloads poisoned by malicious release: 'This is unironically a malware nuclear missile'
One of the most popular JavaScript libraries, Axios, was recently the victim of an attack in which fake, malicious versions were made available to roll out to developers. These malicious versions install a remote access trojan (RAT), which is, as the name implies, a kind of malware that allows an attacker to access compromised devices from a remote location.
Google has identified the attackers responsible as likely UNC1069, "a financially motivated North Korea-nexus threat actor" also known as CryptoCore.