Rand-User-Agent Hacked in Supply Chain Attack
Rand-User-Agent’s Hidden Threat Rand-user-agent, a popular npm package, fell victim to a supply chain attack in May 2025. This tool, used for generating random user-agent strings, averages 45,000 weekly downloads. However, attackers exploited its semi-abandoned status to inject malicious code. The code deploys a remote access trojan (RAT) on users’ systems. How the Attack Unfolds …