in the span of about two hours:>a nuclear bomb of malware hits the Internet (The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package tthat installs a RAT on your machine)>Google officially warns that crypto is fucked if it doesn’t get post quantum immediatelyThe payload is a cross-platform RAT:>macOS: binary disguised under Apple cache naming conventions>Windows: hidden PowerShell script with execution policy bypass>Linux: Python RAT dropped to /tmpThe dropper self-destructs post-execution – inspecting node_modules after the fact reveals nothing.
>>108492754Lucky for me. I never update. Use a firewall and am still on win 7 soooo doubt this affects me
>>108493743>can't hack or anything I have nortonHahahahaha
>>108492754buffet aint been shit since Charlie quit
>>108492754>linuxI have /tmp as separated partition (with /var/tmp bound) with noexec, nosuid and nodev. Suck my dick.
>>108492754>two hoursthat google quantum thing was last week.
>>108492754>a RATWill mouse traps around the computer help
>>108494156>mouse trapwhen was the last time you seen a RAT?They're big bastards now, and getting bigger. They'll bust your door in and laugh at your 'mouse traps'. Pretty soon, you'll need bear traps for the fuckers.
>>108492754That didn't happen, stop making shit up
>>108492754>using axios instead of tanstacklol
>>108492754Post quantum chains exist already, the issue is that known quantum resistance encryption isn't yet tested to be resistant to conventional attacks, IIRC one of the quantum algorithms was already bruteforced manually
>>108492754>Linux: Python RAT dropped to /tmp>reboot computerfixed>she doesn't use a POSIX-compliant distrongmi
Claude scanned and removed all the viruses after 45 seconds, AI Chads keep winning
wtf, isn't axios that news site that looks AI written but totally isn't?
>>108494279I thought it's that async http request js package used in react slop
>>108494232>tfw in the giant RATs timeline
>>108494299Yes; but much wider than React-slop alone. It has 170k+ direct dependents. And that's ONLY the direct dependents.The axios package is literally one of the widest used packages in the entire NPM ecosystem.
axios news on axios npm:https://www.axios.com/2026/03/31/north-korean-hackers-implicated-in-major-supply-chain-attack
imagine using axios when fetch existsfucking losers
axios had no use case
I've never heard of Axios before, will this affect me?
>>108494701this will affect every vibeslopper because the trash LLMs make you use axios instead of fetch lmao. get rekted bitches
>>108494617imagine using fetch when XMLHttpRequest existsfucking zoomers
>>108494730So am I basically fine if I don't run AI shit on my PC and just use Firefox?
>>108494743yeah, should be
Faggots who use Javascript and Python deserve this. Learn C and lower my RAM usage, kthxbai
>>108492754do any important programs use that shit or is it a Nichtsburger
>>108494232>>108494232el RATo
>>108492754put /tmp on a log file system(lol)
OH SHIT A RAT
>>108493743windows 7, famously unhackable. kek.
JS-bros... do we have them rabies...?
>>108494232thinly veiled xfce propaganda
Does this affect website users or only webdevs?
>>108494544not clicking that malware link
>>108492754>axioswhat's wrong with fetch?
>>108494232I've seen rats about 30 or 40cm of body length like 10 years ago around my summer house, can't imagine how big they could have gotten now if they keep getting bigger.
>>108495690>10 years agotrust me, you don't wanna knowHumanity is asleep on this, what will soon be Public Enemy Numero Uno. The RAT got expert at hiding, breeding and growing the fuck bigger. Soon, its us who'll need to be hiding.
>>108492754If I don't have npm installed, am I safe? I'm a retard who just updated his whole Linux system (including Python) a few days ago.
>>108492754>execution policy bypassproperly configured machine prevents this
>>108495684nothing. nowadays fetch is the better way.it's just vibe code sloppers don't know shit and use what their overlord suggests, and it is suggesting Axios most of the time.
>>108492754>read the github page>doesnt even attempt to explain what it isgoogle is now filled with useless zero information news articles. is there anywere an actual attempt to list compromised software which depends on this slop?
>>108496563https://safedep.io/axios-npm-supply-chain-compromise/
Using Win98 here. Security through obscurity, bitch. Noone bothers to make malware for something that's not used widely.
>>108496734The real reason is that they know that you're so poor that you have nothing worth stealing.
>>108496933nta but getting a good Windows 98 setup is quite expensive. most people's macbooks are worth less.
