Two Popular Apps Poisoned in One Week – Don’t Fall Victim!
Two supply chain attacks hit Apifox and LiteLLM. Check if you're affected and rotate credentials now.
This week, two supply chain poisoning incidents occurred. Each one on its own is serious enough.
First Incident: Apifox’s CDN Was Compromised
If you opened Apifox after March 4th, then for a period of time the event-tracking JS file you loaded was not the normal 34KB version but a poisoned 77KB version.
The extra 42KB contained malicious code obfuscated across 7 layers.
Apifox is built on Electron and does not strictly enable sandbox mode, so the renderer process can call Node.js APIs directly.
The attacker did not need to escalate privileges. Once the software was opened, the malicious code began executing.
The malicious code would generate a machine fingerprint, steal your Apifox login token, and then use this information to connect to a C2 domain disguised as an official one: apifox.it.com.
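To make the Electron point concrete, here is an added example (not Apifox's code and not from the original article) that audits a `BrowserWindow` `webPreferences` object for the settings that let a script loaded in the renderer reach Node.js. The function name, the sample configs and the assumed defaults (those of recent Electron releases) are illustrative assumptions.

```javascript
// Added example: audit Electron webPreferences for settings that let scripts
// loaded in the renderer (such as a CDN-hosted tracking file) reach Node.js.
// Assumption: defaults of recent Electron releases, applied when a key is unset.
const SAFE_DEFAULTS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
};

// Hypothetical helper: returns a list of findings, empty when nothing is risky.
function auditWebPreferences(prefs = {}) {
  const eff = { ...SAFE_DEFAULTS, ...prefs };
  const findings = [];
  if (eff.nodeIntegration) {
    findings.push('nodeIntegration=true: page scripts can call require() and Node.js APIs');
  }
  if (!eff.contextIsolation) {
    findings.push('contextIsolation=false: page scripts share a JS context with the preload script');
  }
  // Electron does not sandbox a renderer that has nodeIntegration enabled,
  // so either setting leaves the process outside the sandbox.
  if (!eff.sandbox || eff.nodeIntegration) {
    findings.push('sandbox off: renderer process runs unsandboxed and its preload has full Node.js access');
  }
  if (!eff.webSecurity) {
    findings.push('webSecurity=false: same-origin policy is disabled');
  }
  return findings;
}

// Constructed configs (not taken from Apifox): a permissive window and a hardened one.
const permissive = { nodeIntegration: true, contextIsolation: false, sandbox: false };
const hardened = { nodeIntegration: false, contextIsolation: true, sandbox: true };

for (const [name, prefs] of Object.entries({ permissive, hardened })) {
  const findings = auditWebPreferences(prefs);
  console.log(`${name}: ${findings.length ? findings.join('; ') : 'no findings'}`);
}
```

With the hardened settings, a tampered remote script is confined to the web page's own privileges instead of inheriting Node.js access to the file system and network.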


