The Axios NPM Compromise: A Supply Chain Attack of Unprecedented Scale

On March 31, 2026, the JavaScript ecosystem faced one of its most significant supply chain attacks when the axios npm package was compromised. With over 100 million weekly downloads and 174,000 dependent packages, axios is a foundational HTTP client library used across countless applications, CI/CD pipelines, and production environments worldwide.

How the Attack Unfolded

The attacker compromised the npm account of jasonsaayman, the lead maintainer of axios, and changed the registered email to an anonymous ProtonMail address (ifstap@proton.me). Rather than modifying axios source code directly, the attacker published two malicious versions that introduced a phantom dependency called plain-crypto-js.

The compromised versions were axios@1.14.1 (tagged latest) and axios@0.30.4 (tagged legacy). This dual-targeting approach ensured that projects using either the current or legacy axios API would receive the malicious payload.

The Attack Chain

The malicious dependency plain-crypto-js contained a postinstall hook that executed automatically during npm install. This hook downloaded and executed platform-specific Remote Access Trojan (RAT) implants for macOS, Windows, and Linux from the command-and-control server at sfrclak.com:8000.

What makes this attack particularly sophisticated is the anti-forensic measures employed. After deployment, the malware performed self-deletion and replaced its package.json with a clean version, effectively erasing evidence of compromise from the node_modules directory.

Timeline of Events

The attack was pre-staged over approximately 18 hours. On March 30 at 23:59 UTC, the weaponized plain-crypto-js@4.2.1 was published. At 00:21 UTC on March 31, axios@1.14.1 was published, followed by axios@0.30.4 at 01:00 UTC. Both malicious versions remained available for approximately 2-3 hours before npm removed them.

Attribution

Google’s Threat Intelligence Group attributed this attack to UNC1069, a North Korea-nexus threat actor often linked to the broader BlueNoroff cluster. The macOS payload exhibited significant overlap with WAVESHAPER, a C++ backdoor tracked by Mandiant and attributed to UNC1069.

Detection and Remediation

Organizations should immediately check their lockfiles for references to axios@1.14.1 or axios@0.30.4. Any system that installed these versions during the exposure window should be treated as fully compromised.

Key indicators of compromise include:
– macOS: /Library/Caches/com.apple.act.mond
– Windows: %PROGRAMDATA%\wt.exe
– Linux: /tmp/ld.py
– Network connections to sfrclak.com or 142.11.206.73 on port 8000

Implications for the Industry

This incident highlights systemic weaknesses in npm’s security model. The malicious releases were pushed by direct CLI publish from the compromised account rather than through the project’s OIDC trusted publishing flow, showing how a single point of failure can expose millions of systems. The attack bypassed CI/CD safeguards entirely, publishing directly to npm without corresponding GitHub commits or tags.

The use of postinstall scripts to execute arbitrary code during package installation remains the single biggest enabler of npm supply chain attacks. Until npm implements mandatory sandboxing or permission prompts for such scripts, third-party tools remain the primary detection layer.

Prevention Measures

Developers and organizations can take several steps to mitigate similar risks:
– Use npm ci --ignore-scripts in CI/CD to block postinstall hooks
– Pin exact versions in lockfiles instead of semver ranges
– Implement package age minimums with tools like Socket or Aikido
– Monitor outbound network anomalies from build environments
– Use short-lived publishing credentials with minimal permissions

Conclusion

The axios supply chain attack represents a concerning evolution in the sophistication of npm-based compromises. The combination of account hijacking, anti-forensic techniques, and cross-platform RAT deployment demonstrates the continued attractiveness of the npm ecosystem as an attack vector. Organizations must remain vigilant and implement defense-in-depth strategies to protect against such supply chain threats.

Original Article: https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all

References: Elastic Security Labs, Google Threat Intelligence Group, Datadog Security Labs, Huntress
