Malicious npm Packages Target Axios Users in Supply Chain Attack
On March 30–31, 2026, an attacker compromised the npm account of a lead Axios maintainer (jasonsaayman) and published two trojanized versions of the widely used JavaScript HTTP client library. The malicious releases axios@1.14.1 and axios@0.30.4 were designed to infect developer machines across macOS, Windows, and Linux with a cross-platform remote access trojan (RAT).
The attack leveraged a hidden dependency, plain-crypto-js@4.2.1, disguised as the legitimate crypto-js library. Though never referenced in Axios’s source code, the package executed a postinstall script that contacted a command-and-control (C2) server (sfrclak.com), downloaded a platform-specific RAT payload, and then erased all traces of its execution. The malware deployed differently per OS:
- macOS: Dropped a binary at /Library/Caches/com.apple.act.mond, mimicking an Apple system process.
- Windows: Copied PowerShell to %PROGRAMDATA%\wt.exe and ran a hidden script.
- Linux: Installed a Python-based RAT at /tmp/ld.py.
The attacker staged the operation over 18 hours, first publishing a clean decoy version of plain-crypto-js at 05:57 UTC on March 30, followed by the malicious version at 23:59 UTC. The compromised Axios account then released the poisoned packages axios@1.14.1 at 00:21 UTC and axios@0.30.4 at 01:00 UTC on March 31 targeting both modern (1.x) and legacy (0.x) branches within 39 minutes.
StepSecurity's analysis found the malware initiated C2 communication just 1.1 seconds after installation. After execution, the dropper script (setup.js) deleted itself, replaced its package.json with a clean stub, and altered version metadata to evade detection. A forensic inspection of the installed package directory would therefore show no sign of tampering; the project's lockfile (which still records what npm resolved) and registry metadata are the reliable record of what was installed, not node_modules.
The malicious versions remained live for 2–3 hours before npm unpublished them and locked plain-crypto-js. Neither compromised release appears in Axios's GitHub repository, indicating they were published directly to npm from the compromised account, outside the project's CI/CD pipeline.
Security firms including StepSecurity, Snyk, Wiz, and Vercel have warned that any system running the malicious packages should be considered fully compromised, with all credentials rotated immediately. The incident is tracked in GitHub issue axios/axios#10604. Axios is downloaded roughly 100 million times weekly, amplifying the potential impact.
Source: npm, Inc. cybersecurity rating report, https://www.rankiteo.com/company/npm-inc-

Record metadata:

{
  "id": "NPM1774974567",
  "linkid": "npm-inc-",
  "type": "Cyber Attack",
  "date": "3/2026",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}

Incident record:

{
  "title": "Malicious npm Packages Target Axios Users in Supply Chain Attack",
  "type": "Supply Chain Attack",
  "date_detected": "2026-03-31",
  "investigation_status": "Ongoing",
  "attack_vector": "Compromised npm account and malicious package publication",
  "vulnerability_exploited": "Hidden dependency with postinstall script execution",
  "description": "An attacker compromised the npm account of a lead Axios maintainer and published two trojanized versions of the widely used JavaScript HTTP client library. The malicious releases axios@1.14.1 and axios@0.30.4 were designed to infect developer machines across macOS, Windows, and Linux with a cross-platform remote access trojan (RAT). The attack leveraged a hidden dependency, plain-crypto-js@4.2.1, disguised as the legitimate crypto-js library, which executed a postinstall script to download and deploy a RAT payload.",
  "affected_entities": [
    {
      "name": "Axios",
      "type": "Open-source library",
      "industry": "Software Development",
      "customers_affected": "Developers and organizations using compromised Axios versions"
    }
  ],
  "impact": {
    "systems_affected": "Developer machines (macOS, Windows, Linux)",
    "operational_impact": "Systems running malicious packages considered fully compromised",
    "identity_theft_risk": "High (credential rotation recommended)",
    "brand_reputation_impact": "High (Axios is widely used with ~100M weekly downloads)"
  },
  "initial_access_broker": {
    "entry_point": "Compromised npm account of Axios maintainer",
    "backdoors_established": "Hidden dependency (plain-crypto-js@4.2.1) with postinstall script",
    "high_value_targets": "Developers and organizations using Axios",
    "reconnaissance_period": "18 hours (staging of decoy and malicious packages)"
  },
  "response": {
    "containment_measures": "npm unpublished malicious packages and locked plain-crypto-js",
    "remediation_measures": "Malicious packages removed; credential rotation recommended",
    "communication_strategy": "Security advisories issued by StepSecurity, Snyk, Wiz, and Vercel",
    "third_party_assistance": "StepSecurity, Snyk, Wiz, Vercel"
  },
  "customer_advisories": "Developers and organizations using Axios are advised to check for compromised versions and rotate credentials.",
  "stakeholder_advisories": "Security firms (StepSecurity, Snyk, Wiz, Vercel) have issued warnings about the incident.",
  "post_incident_analysis": {
    "root_causes": [
      "Compromised npm account credentials",
      "Lack of CI/CD pipeline integrity checks",
      "Hidden malicious dependency with postinstall script execution"
    ],
    "corrective_actions": [
      "Enhanced npm account security (MFA, access controls)",
      "CI/CD pipeline integrity verification",
      "Dependency verification mechanisms"
    ]
  },
  "lessons_learned": "Need for stricter npm account security, dependency verification, and CI/CD pipeline integrity checks.",
  "recommendations": [
    "Rotate all credentials on systems running malicious packages",
    "Verify npm package integrity before installation",
    "Monitor for hidden dependencies and postinstall scripts",
    "Enhance CI/CD pipeline security to prevent unauthorized package publication"
  ],
  "references": [
    { "source": "GitHub Issue", "url": "https://github.com/axios/axios/issues/10604" },
    { "source": "StepSecurity Analysis" },
    { "source": "Snyk Advisory" },
    { "source": "Wiz Advisory" },
    { "source": "Vercel Advisory" }
  ]
}