SlowMist: Apifox desktop client suffers supply chain attack; malicious code can steal credentials and execute commands remotely.

CoinFeed reported on March 26 that, according to SlowMist's monitoring, the Apifox desktop client suffered a supply chain attack, with its official CDN-hosted front-end script files being injected with highly obfuscated malicious JavaScript code. Affected users may face risks such as credential theft, sensitive data leakage, and remote command execution. The malicious code is automated and highly stealthy. SlowMist advises users to immediately revoke all tokens, reset passwords, log out and log back in to invalidate sessions, block the *.apifox.it.com domain, clear local storage, and review API logs and abnormal activity.