SlowMist|Mar 26, 2026 04:30
🚨 Security Alert: Supply Chain Attack on Apifox Desktop Client
Yesterday, we detected a supply chain attack in which a front-end script file hosted on #Apifox’s official CDN was injected with heavily obfuscated malicious JavaScript code.
⚡ Impact on Apifox Desktop Client (Electron-based):
Once loaded, the script can:
🔹 Silently steal credentials
🔹 Exfiltrate sensitive data
🔹 Execute remote commands (RCE) — no user interaction required
🛑 What’s at risk?
• 🔑 accessTokens & account credentials
• 💻 Local system & environment data
• 📡 API requests & sensitive context
• 🕵️ Persistent remote control via C2
⚠️ Why this is dangerous:
The malicious code is appended to legitimate analytics logic and automatically executed at runtime, making it highly stealthy and difficult to detect.
👥 Who may be affected:
Apifox desktop users, especially those with:
• Stored tokens
• API integrations
• Active development environments
🛠️ What to do now:
✅ Revoke all tokens & reset passwords
✅ Log out & re-login to invalidate sessions
✅ Block *.apifox.it.com
✅ Clear localStorage (_rl_headers, _rl_mc)
✅ Review API logs & abnormal activity
📖 Read more:
👉 https://medium.com/@slowmist/security-alert-supply-chain-attack-on-apifox-desktop-client-via-compromised-official-cdn-script-bc3870992564(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink