Axios npm Package Hijacked to Distribute Cross-Platform Malware
Key Takeaways
- A sophisticated supply chain attack compromised the npm package for Axios, a widely used JavaScript library, on March 30, 2026.
- Attackers gained control of the lead maintainer’s npm account, publishing malicious versions [email protected] and [email protected].
- These compromised versions installed a cross-platform remote access trojan (RAT) on Windows, macOS, and Linux systems.
- Organizations across government, finance, healthcare, manufacturing, retail, and technology sectors were affected.
Supply Chain Attack Unleashes Cross-Platform Malware via Compromised Axios npm Package
In a significant supply chain attack on March 30, 2026, threat actors leveraged Axios, one of the most widely adopted JavaScript libraries globally, to deploy sophisticated malware. By injecting malicious code into the Axios npm package, the attackers silently compromised developer machines running Windows, macOS, and Linux operating systems.
With over 100 million weekly downloads, Axios stands as the preeminent HTTP client within the JavaScript ecosystem. This makes the incident one of the most extensive supply chain compromises observed to date, impacting a vast array of development environments.
Attack Vector: Compromised Maintainer Account
The attack originated from an unauthorized takeover of the npm account belonging to Jason Saayman, the primary maintainer of the Axios project. The perpetrators stealthily altered the account’s registered email address to a ProtonMail address under their control, thereby securing full administrative privileges.
Utilizing a stolen npm access token, the attacker proceeded to manually publish two poisoned versions of Axios: [email protected] and [email protected]. These malicious releases were pushed within a 39-minute window, targeting both the current and legacy branches of the library. Notably, neither of these versions corresponds to any official commit, tag, or release in the authentic Axios GitHub repository.

Forensic Analysis Reveals Widespread Impact
Researchers Peter Girnus and Jacob Santos from Trend Micro conducted a comprehensive forensic investigation into the incident, meticulously charting the full infection chain and assessing the scope of the damage. Their analysis indicated that, at the time of their study, the threat had already infiltrated organizations across critical sectors including government, finance, healthcare, manufacturing, retail, and technology. Telemetry data further corroborated active exploitation during the window of the attack.
The two compromised Axios versions contained a deceptive addition to their package manifest: a “phantom dependency” named [email protected]. This package was not legitimately imported or referenced anywhere within the 86 files of the Axios source code. Its sole purpose was to activate npm’s automatic postinstall hook upon installation. Once triggered, this hook would deploy a cross-platform remote access trojan (RAT) onto the victim’s system. Following successful execution, the malware self-deleted its dropper script, replacing it with a clean decoy to make the node_modules folder appear benign and evade detection.
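The phantom-dependency pattern described above (a package that nothing in the source imports, present only so its install hook runs) can be checked for mechanically. The following is an added example, not code from the article or from the Axios project; it assumes nothing beyond standard npm manifest fields, and the manifests, package names and source files it inspects are constructed in memory.

```javascript
// Added example (not from the article): flag declared dependencies that run npm
// lifecycle scripts but are never imported by the project's own code, the
// "phantom dependency" pattern described above. Manifests and source files are
// constructed in memory so the check runs offline.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Lifecycle hooks a package manifest would run during installation.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((hook) => typeof scripts[hook] === 'string');
}

// True if any source file requires or imports the package (or one of its subpaths).
function isReferenced(pkgName, sourceFiles) {
  const escaped = pkgName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(`(?:require\\(|from\\s+|import\\s+)['"]${escaped}(?:/[^'"]*)?['"]`);
  return Object.values(sourceFiles).some((src) => re.test(src));
}

// Dependencies that both run install hooks and are never referenced from source.
function auditPhantomDeps(rootManifest, depManifests, sourceFiles) {
  const findings = [];
  for (const name of Object.keys(rootManifest.dependencies || {})) {
    const manifest = depManifests[name];
    if (!manifest) continue; // not installed, nothing to inspect
    const hooks = installHooks(manifest);
    if (hooks.length > 0 && !isReferenced(name, sourceFiles)) {
      findings.push({ name, version: manifest.version, hooks, reason: 'install hook without any source reference' });
    }
  }
  return findings;
}

// Constructed sample: a library whose manifest pulls in an unreferenced package with a postinstall hook.
const sampleRoot = { name: 'example-lib', dependencies: { 'follow-redirects': '^1.15.0', 'shady-helper': '1.0.0' } };
const sampleDeps = {
  'follow-redirects': { version: '1.15.0', scripts: {} },
  'shady-helper': { version: '1.0.0', scripts: { postinstall: 'node setup.js' } },
};
const sampleSources = { 'lib/http.js': "const follow = require('follow-redirects');\nmodule.exports = follow;" };
```

Run it over the real manifests under node_modules and the project's own source tree; a hit is not proof of compromise, but every hit deserves a look at what the hook actually executes.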

The attackers executed their operation with meticulous planning over approximately 18 hours. Initially, they published a clean decoy version of plain-crypto-js to establish a benign registry history, aiming to avoid immediate suspicion. Several hours later, they registered the command-and-control (C2) server before finally pushing the malicious payload. This attack also effectively bypassed GitHub Actions’ OIDC Trusted Publisher safeguards, which typically link npm releases to verified CI workflows. The manual publication using a stolen token meant no cryptographic binding or gitHead reference was present in the metadata, circumventing these protective measures.
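The absence of a gitHead reference and of any provenance attestation is a signal a consumer can check before trusting a release. The following is an added example, not code from the article or the Axios project; it assumes the npm registry's packument shape (a per-version gitHead field, dist.attestations for trusted-publisher provenance, and a top-level time map), and the packument and tag list are constructed rather than real Axios metadata.

```javascript
// Added example (not from the article): flag registry versions published outside the
// normal git + CI path. The record shape is modelled on the npm registry packument
// (per-version gitHead, dist.attestations for provenance, top-level time map); the
// sample packument and tag list are constructed, not real Axios metadata.
// Classify one version record: three independent signals, any one of which is worth review.
function classifyVersion(version, record, gitTags) {
  const reasons = [];
  if (!record.gitHead) reasons.push('no gitHead: not published from a git checkout');
  if (!(record.dist && record.dist.attestations)) reasons.push('no provenance attestation');
  if (!gitTags.includes(`v${version}`)) reasons.push('no matching tag in the source repository');
  return { version, suspicious: reasons.length > 0, reasons };
}

// Every version in the packument that fails at least one check.
function findUnverifiedVersions(packument, gitTags) {
  return Object.entries(packument.versions)
    .map(([version, record]) => classifyVersion(version, record, gitTags))
    .filter((r) => r.suspicious);
}

// Pairs of consecutive releases published within windowMs of each other.
function publishBursts(packument, windowMs) {
  const times = Object.entries(packument.time)
    .filter(([k]) => k !== 'created' && k !== 'modified')
    .map(([version, iso]) => ({ version, t: Date.parse(iso) }))
    .sort((a, b) => a.t - b.t);
  const bursts = [];
  for (let i = 1; i < times.length; i++) {
    if (times[i].t - times[i - 1].t <= windowMs) bursts.push([times[i - 1].version, times[i].version]);
  }
  return bursts;
}

// Constructed sample: one release with full provenance, two published 39 minutes apart with none.
const samplePackument = {
  name: 'example-http-client',
  versions: {
    '1.0.0': { gitHead: 'abc1234', dist: { attestations: { url: 'https://registry.example/attestation/1' } } },
    '1.0.1': { dist: {} },
    '0.9.9': { dist: {} },
  },
  time: {
    created: '2026-03-01T00:00:00Z', '1.0.0': '2026-03-01T00:00:00Z',
    '1.0.1': '2026-03-30T10:00:00Z', '0.9.9': '2026-03-30T10:39:00Z',
  },
};
const sampleTags = ['v1.0.0'];
```

The burst check mirrors the 39-minute publication window noted above; on its own it is only a prompt to look, while the missing gitHead and attestation are the stronger signals.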
Inside the RAT Dropper
The dropper component, named setup.js, employed a two-layered obfuscation scheme to elude automated security scanners. The inner layer utilized a custom XOR cipher with the key “OrDeR_7077” and a quadratic index pattern to randomize character-access sequences. The outer layer was responsible for reversing encoded strings, restoring base64 padding, and then passing the result through the inner cipher. All module names for critical functions, including file system access, shell execution, and platform detection, were dynamically decoded at runtime via require() calls, rendering them invisible to static analysis tools.
Upon execution, the dropper identified the operating system and launched the corresponding payload. On macOS, it retrieved a binary via AppleScript, saving it to a path designed to mimic a legitimate Apple system daemon. For Windows systems, the dropper used a VBScript launcher to execute a PowerShell RAT entirely in memory, without writing any payload to disk. This PowerShell binary was disguised as “Windows Terminal.” On Linux, a Python RAT was downloaded and initiated as a detached background process, orphaned to PID 1, ensuring its persistence beyond the npm installation session. The C2 server, sfrclak[.]com, was registered merely eight hours before the malicious payload became active, indicating a disposable infrastructure strategy aimed at minimizing the attacker’s footprint.

What You Should Do
- Update Axios: Developers who installed the malicious versions ([email protected] or [email protected]) should immediately downgrade or pin their projects to known-good versions like [email protected] or [email protected].
- Remove Malicious Dependency: Ensure the plain-crypto-js directory is removed from your node_modules folder.
- System Rebuild: Any system identified with RAT artifacts should be rebuilt from a trusted, clean state rather than attempting an in-place cleanup.
- Credential Rotation: Promptly rotate all credentials that were accessible during the compromise window, including npm tokens, cloud keys, CI/CD secrets, and SSH keys.
- Harden CI/CD Pipelines: Implement npm ci --ignore-scripts in CI/CD pipelines to prevent the automatic execution of postinstall hooks, which was the primary mechanism for this attack.
- Network Block: Block access to the command-and-control server, sfrclak[.]com, at the network perimeter.
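The first two steps above amount to a lockfile question: is a block-listed axios version resolved in this project, is the phantom package present, and which dependency chain pulled it in? The following is an added example, not code from the article or the Axios project; it assumes the package-lock.json v3 packages map, and the lockfile, the helper package name and the blocked version string are constructed placeholders to be replaced with the advisory's real values.

```javascript
// Added example (not from the article): triage a lockfile v3 "packages" map for the
// indicators in the steps above: an axios version on a block list and any copy of a
// watched package, each with the dependency path that pulled it in. Lockfile contents,
// package names and the blocked version are constructed placeholders.
// name -> { version, deps } for every installed entry (the '' key is the project root).
// "node_modules/a/node_modules/b" keys collapse onto "b", so nested duplicates share one node.
function buildGraph(lock) {
  const graph = new Map();
  for (const [p, entry] of Object.entries(lock.packages)) {
    if (p === '') continue;
    graph.set(p.split('node_modules/').pop(), { version: entry.version, deps: Object.keys(entry.dependencies || {}) });
  }
  return graph;
}

// Breadth-first search from the root's direct dependencies to `target`; returns the chain or null.
function dependencyPath(lock, target) {
  const graph = buildGraph(lock);
  const queue = Object.keys(lock.packages[''].dependencies || {}).map((n) => [n]);
  const seen = new Set();
  while (queue.length) {
    const path = queue.shift();
    const name = path[path.length - 1];
    if (name === target) return path;
    if (seen.has(name) || !graph.has(name)) continue;
    seen.add(name);
    for (const child of graph.get(name).deps) queue.push([...path, child]);
  }
  return null;
}

// Findings for blocked versions ({ name: [versions] }) and watched package names, each with its path.
function triageLockfile(lock, blocked, watch) {
  const graph = buildGraph(lock);
  const findings = [];
  for (const [name, versions] of Object.entries(blocked)) {
    const node = graph.get(name);
    if (node && versions.includes(node.version)) findings.push({ name, reason: 'blocked version', path: dependencyPath(lock, name) });
  }
  for (const name of watch) {
    if (graph.has(name)) findings.push({ name, reason: 'watched package installed', path: dependencyPath(lock, name) });
  }
  return findings;
}

// Constructed lockfile: axios (placeholder bad version) pulling in an unreferenced helper package.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { axios: '^1.0.0' } },
  'node_modules/axios': { version: '9.9.9-placeholder', dependencies: { 'follow-redirects': '^1.15.0', 'shady-helper': '1.0.0' } },
  'node_modules/follow-redirects': { version: '1.15.0' },
  'node_modules/shady-helper': { version: '1.0.0' },
} };
```

The returned path tells you which direct dependency to pin or downgrade; a watched package that appears with no path at all was installed outside the lockfile and is worth the same rebuild treatment.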
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.