📦 Open Source

North Korean Hackers Fake a Company to Pwn Axios Maintainer – RAT in 100M Downloads

Picture this: a Teams call with 'colleagues' from a polished fake company. One 'update' click later, North Koreans control your machine and poison a library with 100 million downloads. Open source just got conned.

DevTools Feed Apr 03, 2026 4 min read

Fake Slack workspace branded for phishing attack on axios maintainer

⚡ Key Takeaways

North Koreans used pro-level social engineering: fake Slack/Teams/company to RAT an axios maintainer.
npm lacks OIDC enforcement; 2FA useless against full machine control.
Scanners caught it fast, but 3 hours exposed millions—verify provenance always.

Published by

DevTools Feed

Ship faster. Build smarter.

#axios supply chain attack #north-korean-hackers #npm-security #social-engineering-oss

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by dev.to

⚡ Key Takeaways

The 60-Second TL;DR

DevTools Feed

Share this article

Worth sharing?

Related Stories

Python Dev's Laravel IAM Gambit: Fixing RBAC or Just Another Package?

Open-Sourced BIP-39 Scanner Hunts Lost Seeds in Raw Disk Sectors

Storm: The Terminal UI Framework That Actually Skips the Boring Bits

TinyGo: Finally Bringing Go to Tinies and Web

Stay in the loop