Lucas Bento

Almost got hacked this morning - here's a replay of what happened: 1. A VC whom I've met in person reached out for a catchup 2. She sent me a Microsoft Teams link a few min ahead of the meeting 3. When I joined, it asked me to download update script 4. Got a funny feeling and ended the call immediately 5. Claude inspected the file and it was indeed malicious Not sure if this person was just hacked or a bad actor, but I wanted to post this as a PSA. Stay safe.

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.