Axios npm Package Compromised in Sophisticated Supply Chain Attack
One of the most widely used JavaScript libraries in the world has been weaponized against developers. Attackers hijacked the npm account of Axios — a JavaScript HTTP client with over 400 million monthly downloads — and used it to distribute cross-platform remote access trojans (RATs) targeting Linux, Windows, and macOS systems. Security researchers from Endor Labs, Socket, Aikido, StepSecurity, and others confirmed the attack, which put millions of downstream projects at risk during a nearly three-hour window on March 31, 2026.
How the Attack Unfolded
The threat actor gained initial access by compromising the npm account of Jason Saayman, the primary maintainer of the Axios package. Once inside, the attacker published two malicious versions of the package to the Node Package Manager (npm) registry:
- axios@1.14.1 — published at 00:21 UTC
- axios@0.30.4 — published less than 40 minutes later, at 01:00 UTC
Both versions were published without the OpenID Connect (OIDC) provenance attestation that accompanies releases published from a trusted CI workflow, and neither corresponded to any commit in the GitHub repository — a red flag that should have triggered an immediate alert in any mature software supply chain monitoring system.
The OpenSourceMalware research community noted that the attacker also seized control of Saayman's GitHub account, changed the associated email address to ifstap@proton.me, and deleted a report about the compromise that a project collaborator had been attempting to respond to — an effort to suppress early detection.
Crucially, researchers at StepSecurity determined this was no opportunistic strike. The malicious dependency was staged 18 hours in advance, indicating careful, deliberate planning.
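The two red flags above (a release without a provenance attestation, and two publishes minutes apart with nothing to tie them to a commit) can be checked mechanically from the registry metadata npm serves for every package. The following is an added example, not code from the article or from the Axios project: it audits a "packument" (the JSON document returned by the registry for a package name) for versions lacking `dist.attestations.provenance` or a `gitHead`, and for publishes that land within a short window of the previous one. The packument embedded below is constructed sample input that mirrors the timeline described in the article; the field names follow the public npm registry, but treat them as an assumption and confirm against a live response before relying on the script.

```javascript
// Added example: audit an npm registry packument for releases published
// without provenance and for suspicious publish bursts. Not part of Axios.
// Constructed stand-in for https://registry.npmjs.org/<name>; only the fields
// this script reads are included.
const SAMPLE_PACKUMENT = {
  name: "example-http-client", // constructed name, not the real packument
  // The registry's "time" map also carries "created"/"modified"; only keys
  // that also appear in "versions" are treated as releases below.
  time: {
    created: "2020-01-01T00:00:00.000Z",
    modified: "2026-03-31T01:00:00.000Z",
    "1.14.0": "2026-03-10T12:00:00.000Z",
    "1.14.1": "2026-03-31T00:21:00.000Z",
    "0.30.4": "2026-03-31T01:00:00.000Z",
  },
  versions: {
    "1.14.0": {
      // Release from a trusted-publishing workflow: attestation plus commit.
      dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
      gitHead: "0123abc0123abc0123abc0123abc0123abc01234",
    },
    "1.14.1": { dist: {} }, // no attestation, no gitHead
    "0.30.4": { dist: {} }, // same, published 39 minutes later
  },
};

// Returns [{ version, reasons: [...] }] for every release that trips a check.
// burstWindowMs: flag a release published sooner than this after the previous one.
function auditPackument(packument, opts = {}) {
  const burstWindowMs = opts.burstWindowMs ?? 60 * 60 * 1000; // default: one hour
  const findings = [];

  // Releases ordered by publish time; skip "created"/"modified" and any
  // time entries without a matching version manifest.
  const releases = Object.entries(packument.time)
    .filter(([version]) => Object.prototype.hasOwnProperty.call(packument.versions, version))
    .map(([version, iso]) => ({ version, at: Date.parse(iso) }))
    .sort((a, b) => a.at - b.at);

  releases.forEach((rel, i) => {
    const meta = packument.versions[rel.version];
    const reasons = [];
    if (!meta.dist?.attestations?.provenance) reasons.push("no provenance attestation");
    if (!meta.gitHead) reasons.push("no gitHead (cannot tie release to a commit)");
    if (i > 0) {
      const prev = releases[i - 1];
      const gapMin = Math.round((rel.at - prev.at) / 60000);
      if (rel.at - prev.at < burstWindowMs) {
        reasons.push(`published ${gapMin} min after ${prev.version}`);
      }
    }
    if (reasons.length) findings.push({ version: rel.version, reasons });
  });
  return findings;
}

// Example run against the constructed packument.
for (const f of auditPackument(SAMPLE_PACKUMENT)) {
  console.log(`${SAMPLE_PACKUMENT.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

Against a live registry the same function can be fed `JSON.parse` of the response from `https://registry.npmjs.org/<name>`; the point is that a publish lacking provenance, or arriving minutes after the last one for a package that normally releases weeks apart, is cheap to detect and worth paging on for dependencies this central.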
The Infection Chain: Platform-Specific Payloads
Rather than modifying Axios's core code directly, the attacker added a malicious dependency — plain-crypto-js@^4.2.1 — to the package.json file. That dependency carries a postinstall script that runs as soon as the package is installed, launching an obfuscated dropper (setup.js) that contacts a command-and-control (C2) server at sfrclak.com to retrieve a payload tailored to the victim's operating system.
Windows
On Windows, the attack chains VBScript and PowerShell to spawn a hidden Command Prompt window. The malware copies PowerShell to %PROGRAMDATA%\wt.exe to evade detection and establish persistence across reboots, then downloads and executes a secondary PowerShell script.
macOS
On macOS, AppleScript is used to download a binary to /Library/Caches/com.apple.act.mond, mark it executable, and run it silently in the background. Security researchers identified the macOS RAT — referred to internally as macWebT — as directly linked to malware previously attributed to BlueNoroff, a North Korean threat group specializing in financially motivated attacks against banks, cryptocurrency exchanges, and financial institutions.
Linux
On Linux, the dropper fetches a Python-based payload stored at /tmp/ld.py and executes it in the background using the nohup command, ensuring the process persists even if the terminal session ends.
What the RAT Can Do
Across all three platforms, the malware installs a remote access trojan (RAT) that gives attackers broad capabilities over the infected host, including:
- Retrieving and executing a base64-encoded binary written to a hidden temp file
- Executing arbitrary shell commands via /bin/sh or AppleScript
- Enumerating directories on the infected host
- Potentially exfiltrating sensitive data such as API keys, tokens, and credentials
After completing the infection, the dropper performs a self-destruct routine — deleting itself, removing the tampered package.json, and replacing it with a clean copy to hinder forensic investigation.
North Korean Threat Actor Behind the Attack
John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), attributed the attack to a North Korean actor tracked internally as UNC1069. This group is known to target centralized cryptocurrency exchanges, software developers at financial institutions, high-technology companies, and individuals at venture capital funds.
The connection to BlueNoroff — a subgroup of the Lazarus Group with a long history of financially motivated cyber operations — is reinforced by the macWebT RAT, which was previously observed in BlueNoroff campaigns documented by SentinelOne in 2023. While attribution remains active, the technical indicators and targeting patterns are consistent with North Korean state-sponsored financial cybercrime.
"The Axios npm supply-chain attack is broad and extends to other popular packages that have dependencies on it." — Charles Carmakal, CTO, Mandiant
Scope and Downstream Impact
Given Axios's position as one of the most depended-upon packages in the JavaScript ecosystem, the blast radius of this attack is potentially enormous. Charles Carmakal, CTO at Mandiant, warned that the compromise extends beyond Axios itself to other popular packages that list Axios as a dependency. The exact number of affected downstream projects during the nearly three-hour exposure window remains unknown.
Indicators of Compromise (IoCs)
Multiple security organizations have published IoCs related to this attack. Security teams should check for the following and treat any affected system as fully compromised:
- Presence of axios@1.14.1 or axios@0.30.4 in any environment
- Any version of plain-crypto-js installed as a dependency
- Network connections to the C2 domain sfrclak.com
- The file %PROGRAMDATA%\wt.exe on Windows systems
- The file /Library/Caches/com.apple.act.mond on macOS systems
- The file /tmp/ld.py on Linux systems
Full IoC lists, including network details, file system artifacts, and account identifiers, have been published by Endor Labs, Socket, Aikido, StepSecurity, OpenSourceMalware, Elastic, Snyk, and Huntress.
Immediate Remediation Steps
If your environment uses Axios, take the following actions immediately:
- Pin Axios to a safe version: Downgrade to axios@1.14.0, axios@0.30.3, or an earlier confirmed-safe release.
- Rotate all credentials: Joe DeSimone of Elastic strongly advises rotating API keys, tokens, and secrets on any system that ran a compromised version, as the RAT may have already exfiltrated them.
- Audit your dependency tree: Check for plain-crypto-js anywhere in your node_modules directory or lock files, including as a transitive dependency.
- Enable OIDC package origin verification: Enforce provenance checks on all npm packages to detect unsigned or unverified releases going forward.
- Review system artifacts: Investigate for the platform-specific RAT artifacts listed in the IoC section above.
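The IoC list above and the "audit your dependency tree" step both come down to the same question: does any lockfile in the estate resolve axios to 1.14.1 or 0.30.4, or pull in plain-crypto-js at any depth? The script below is an added example, not code from the article or from any of the vendors it cites. It audits a parsed package-lock.json in either the v1 layout (nested `dependencies` tree) or the v2/v3 layout (flat `packages` map keyed by node_modules path) and reports every match with its location in the tree. The two lockfiles embedded here are constructed sample input; the only facts baked in are the version numbers and package name given in the article.

```javascript
// Added example: scan an npm lockfile for the compromised Axios releases and
// for plain-crypto-js. Not part of Axios or any vendor tooling.
const BAD_VERSIONS = { axios: new Set(["1.14.1", "0.30.4"]) }; // from the advisory
const BAD_PACKAGES = new Set(["plain-crypto-js"]);             // any version is a hit

// Constructed lockfile v3: a direct axios dependency that was updated into the
// compromised release, plus an SDK that nests its own (clean) axios copy.
const SAMPLE_LOCKFILE_V3 = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.14.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/some-sdk": { version: "2.0.0", dependencies: { axios: "^0.30.0" } },
    "node_modules/some-sdk/node_modules/axios": { version: "0.30.3" },
  },
};

// Constructed lockfile v1 expressing the same compromise on the 0.30.x line.
const SAMPLE_LOCKFILE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    axios: {
      version: "0.30.4",
      requires: { "plain-crypto-js": "^4.2.1" },
      dependencies: { "plain-crypto-js": { version: "4.2.1" } },
    },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const parts = path.split("node_modules/");
  return parts[parts.length - 1];
}

// Returns [{ name, version, where, reason }] for every offending entry.
function auditLockfile(lock) {
  const findings = [];
  const check = (name, version, where) => {
    if (BAD_VERSIONS[name]?.has(version)) {
      findings.push({ name, version, where, reason: "compromised release" });
    }
    if (BAD_PACKAGES.has(name)) {
      findings.push({ name, version, where, reason: "malicious dependency" });
    }
  };

  if (lock.packages) {
    // v2/v3: every installed package is a key; "" is the root project itself.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;
      check(nameFromPath(path), meta.version, path);
    }
  } else if (lock.dependencies) {
    // v1: recurse through nested "dependencies" objects.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const where = `${prefix}node_modules/${name}`;
        check(name, meta.version, where);
        if (meta.dependencies) walk(meta.dependencies, `${where}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}

// Example run. For a real repository, replace the constructed objects with
// JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")).
for (const lock of [SAMPLE_LOCKFILE_V3, SAMPLE_LOCKFILE_V1]) {
  for (const f of auditLockfile(lock)) {
    console.log(`lockfile v${lock.lockfileVersion}: ${f.where} (${f.name}@${f.version}) - ${f.reason}`);
  }
}
```

Any hit means the host that ran `npm install` against that lockfile should be treated as compromised and its credentials rotated, as the remediation steps above say; a clean lockfile is only reassuring if no machine installed from a floating range during the exposure window, which is why the audit belongs on CI runners and developer workstations, not just in the repository.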
Conclusion: A Wake-Up Call for the JavaScript Ecosystem
The Axios npm compromise is a stark reminder that even the most trusted, ubiquitous packages in modern software development are high-value targets for nation-state threat actors. With 400 million monthly downloads, Axios represents exactly the kind of single point of failure that sophisticated adversaries — like North Korea's BlueNoroff — actively seek to exploit for maximum downstream impact.
The attack's sophistication — pre-staged dependencies, platform-aware payloads, self-destructing artifacts, and coordinated account takeovers — underscores the need for rigorous supply chain security practices: enforcing package provenance, monitoring for anomalous publish events, and maintaining incident response playbooks specifically for dependency compromise scenarios. If your organization relies on the npm ecosystem, now is the time to harden your software supply chain before the next package maintainer account falls.