Supply-Chain Attack — CraftedSignal Threat Feed

Axios npm Package Compromised via Social Engineering

hello@craftedsignal.io — Sat, 04 Apr 2026 20:30:42 +0000

On April 4, 2026, the maintainers of the Axios HTTP client disclosed a social engineering attack targeting one of their developers. The attack, attributed to the North Korean threat actor UNC1069, involved impersonating a legitimate company to build trust with the targeted developer. The attacker used a fake Microsoft Teams update disguised as a critical error fix to deploy a remote access trojan (RAT). This RAT allowed the attackers to gain access to the developer’s system and npm credentials. The attackers then published two malicious versions of Axios (1.14.1 and 0.30.4) to the npm package registry. These malicious versions included a dependency called plain-crypto-js, which installed a RAT on macOS, Windows, and Linux systems. These versions were available for three hours, posing a supply chain risk to any systems that installed them during that period.

Attack Chain

The attacker identifies a target developer and initiates contact via LinkedIn/Slack, impersonating a legitimate company.
The attacker invites the developer to a Slack workspace populated with fake profiles and staged company activity.
A meeting is scheduled on Microsoft Teams, during which a fake “RTC Connection” error message is displayed.
The attacker prompts the developer to install a “Teams update” to resolve the error.
The fake update is a RAT malware, granting the attacker remote access to the developer’s machine.
The attacker steals the developer’s npm credentials, bypassing MFA due to already authenticated session.
The attacker publishes malicious versions of the Axios package (1.14.1 and 0.30.4) to the npm registry, injecting the plain-crypto-js dependency.
Systems installing the compromised Axios versions download and execute the plain-crypto-js package, resulting in RAT deployment and credential theft.

Impact

The compromise of the Axios npm package created a supply chain attack impacting an unknown number of systems across various sectors. Systems that installed the malicious versions (1.14.1 and 0.30.4) within the three-hour window are considered compromised. Successful exploitation results in the installation of a remote access trojan (RAT) capable of stealing credentials, browser data, and other sensitive information from macOS, Windows, and Linux systems. This can lead to further unauthorized access, data breaches, and potential financial loss.

Recommendation

Monitor npm package installations for the presence of the plain-crypto-js dependency, particularly in projects that use Axios versions 1.14.1 or 0.30.4.
Implement multi-factor authentication (MFA) for npm accounts and other developer accounts, but recognize that authenticated sessions can be hijacked.
Deploy the Sigma rule “Detect Suspicious NPM Package Installation” to detect potentially malicious package installations based on unusual parent processes (see below).
Block the domain associated with the malicious dependency plain-crypto-js at the DNS resolver.
Educate developers about social engineering tactics and the risks of installing software from untrusted sources.

TrueConf Zero-Day Exploitation Leading to Arbitrary Code Execution

hello@craftedsignal.io — Thu, 02 Apr 2026 12:00:00 +0000

A threat actor, possibly with Chinese nexus, is exploiting CVE-2026-3502, a zero-day vulnerability in TrueConf versions 8.1.0 through 8.5.2. This vulnerability allows attackers to replace legitimate software updates with malicious variants, leading to arbitrary code execution on connected clients. The attacks, tracked as “TrueChaos” since the beginning of 2026, have targeted government entities in Southeast Asia. TrueConf, a video conferencing platform popular among military forces, government agencies, oil and gas corporations, and air traffic management companies, saw increased adoption during the COVID-19 pandemic. The attacker exploits the lack of integrity check in the update mechanism to deliver malware disguised as a legitimate TrueConf update. A fix was released in version 8.5.3 in March 2026.

Attack Chain

The attacker gains control of an on-premises TrueConf server.
The attacker replaces the expected update package with a malicious executable file.
The compromised TrueConf server distributes the malicious update to connected clients.
Clients trust the server-provided update without proper validation and download the malicious file.
The malicious file is executed under the guise of a legitimate TrueConf update, initiating DLL sideloading.
Reconnaissance tools such as tasklist and tracert are deployed.
Privilege escalation is attempted using UAC bypass via iscsicpl.exe.
Persistence is established, and network traffic indicates potential deployment of the Havoc C2 framework for further command execution and payload delivery.

Impact

The successful exploitation of CVE-2026-3502 allows attackers to execute arbitrary code on all TrueConf clients connected to a compromised server. This can lead to widespread malware infections, data theft, and potential compromise of sensitive systems, especially in sectors like government, military, and critical infrastructure that heavily rely on TrueConf for secure communications. The number of affected organizations is potentially high, considering that over 100,000 organizations transitioned to TrueConf during the COVID-19 pandemic.

Recommendation

Upgrade TrueConf servers to version 8.5.3 or later to patch CVE-2026-3502.
Monitor for the presence of poweriso.exe or 7z-x64.dll on endpoints, as these are strong indicators of compromise.
Investigate systems with suspicious artifacts like %AppData%\Roaming\Adobe\update.7z or iscsiexe.dll.
Deploy the Sigma rule “Suspicious TrueConf Update Execution” to detect malicious updates executing from the TrueConf directory.
Monitor network traffic for connections to known Havoc C2 infrastructure.

TeamPCP Backdoors Telnyx PyPI Package with Steganographic Malware

hello@craftedsignal.io — Sat, 28 Mar 2026 12:00:00 +0000

On March 27, 2026, the Telnyx package on the Python Package Index (PyPI) was compromised by the threat actor TeamPCP. Malicious versions 4.87.1 and 4.87.2 were uploaded, containing credential-stealing malware concealed within WAV audio files. This supply-chain attack targeted developers using the Telnyx Python SDK, a popular package with over 740,000 monthly downloads, used for integrating communication services into applications. The malicious code resides in the telnyx/_client.py file and executes upon import. The compromise is believed to have originated from stolen credentials for the publishing account on the PyPI registry. TeamPCP has been linked to previous supply-chain attacks and wiper campaigns against Iranian systems, highlighting the group’s focus on disrupting software development and infrastructure.

Attack Chain

TeamPCP gains unauthorized access to the Telnyx PyPI account, likely through credential theft.
Malicious versions 4.87.1 and 4.87.2 of the Telnyx package are published to PyPI.
When a developer installs the compromised Telnyx package, the telnyx/_client.py file is executed upon import.
On Linux and macOS, a detached process is spawned to download a second-stage payload disguised as a WAV audio file (ringtone.wav) from a remote command-and-control (C2) server.
Steganography is used to hide malicious code within the WAV file’s data frames.
The embedded payload is extracted using an XOR-based decryption routine and executed in memory.
The malware harvests sensitive data, including SSH keys, credentials, cloud tokens, cryptocurrency wallets, and environment variables.
If Kubernetes is present, the malware enumerates cluster secrets and deploys privileged pods to access underlying host systems. On Windows, a different WAV file (hangup.wav) is downloaded that extracts and saves an executable named msbuild.exe to the startup folder for persistence.

Impact

This supply chain attack could result in widespread compromise of systems utilizing the Telnyx Python SDK. Over 740,000 monthly downloads indicate a large potential victim pool. Stolen credentials and secrets can lead to unauthorized access to cloud resources, sensitive data exfiltration, and further lateral movement within compromised networks. For systems running Kubernetes, the attacker could gain control over the entire cluster, leading to significant disruption and data loss. Developers who installed the malicious packages are advised to consider their systems fully compromised and rotate all secrets as soon as possible.

Recommendation

Identify and remove Telnyx versions 4.87.1 and 4.87.2 from all environments, reverting to version 4.87.0 as recommended by the vendor.
Monitor network connections for processes spawned by Python interpreters (python.exe, python3) attempting to download files with the .wav extension, using the “Detect Suspicious Python WAV Download” Sigma rule provided below.
Implement stricter controls and multi-factor authentication for PyPI accounts used to publish packages to prevent similar supply chain attacks.
Deploy the “Detect msbuild.exe in Startup Folder” Sigma rule to identify potential persistence attempts on Windows systems.
Rotate all secrets and credentials on any system that has imported the malicious Telnyx package.