SlowMist
SlowMist|Mar 26, 2026 04:30
🚨 Security Alert: Supply Chain Attack on Apifox Desktop Client Yesterday, we detected a supply chain attack in which a front-end script file hosted on #Apifox’s official CDN was injected with heavily obfuscated malicious JavaScript code. ⚡ Impact on Apifox Desktop Client (Electron-based): Once loaded, the script can: 🔹 Silently steal credentials 🔹 Exfiltrate sensitive data 🔹 Execute remote commands (RCE) — no user interaction required 🛑 What’s at risk? • 🔑 accessTokens & account credentials • 💻 Local system & environment data • 📡 API requests & sensitive context • 🕵️ Persistent remote control via C2 ⚠️ Why this is dangerous: The malicious code is appended to legitimate analytics logic and automatically executed at runtime, making it highly stealthy and difficult to detect. 👥 Who may be affected: Apifox desktop users, especially those with: • Stored tokens • API integrations • Active development environments 🛠️ What to do now: ✅ Revoke all tokens & reset passwords ✅ Log out & re-login to invalidate sessions ✅ Block *.apifox.it.com ✅ Clear localStorage (_rl_headers, _rl_mc) ✅ Review API logs & abnormal activity 📖 Read more: 👉 https://medium.com/@slowmist/security-alert-supply-chain-attack-on-apifox-desktop-client-via-compromised-official-cdn-script-bc3870992564(SlowMist)
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads