Axios NPM Package Supply Chain Hack

bleepingcomputer.com · SpyKiIIer · 5 days ago · view on HN · news
quality 7/10 · good
0 net
Tags
apple docker google malware microsoft node supply-chain
Hackers compromise Axios npm package to drop cross-platform malware Home News Security Hackers compromise Axios npm package to drop cross-platform malware Hackers compromise Axios npm package to drop cross-platform malware By Bill Toulas March 31, 2026 09:53 AM 0 Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. According to reports from software supply chain security and application security companies Endor Labs , Socket , Aikido , and StepSecurity , the threat actor published on the Node Package Manager (npm) registry two malicious versions of the package One malicious variant, [email protected], was published today at 00:21 UTC, while the second one, [email protected], emerged less than an hour later, at 01:00 UTC. The packages were published without the automated OpenID Connect (OIDC) package origin and no matching GitHub commit appeared, which should trigger an alert immediately. The researchers say that the threat actor gained access to the package after compromising the npm account of Jason Saayman, the main Axios maintainer. The OpenSourceMalware research community says that the attacker also took control of Saayman's GitHub account and changed the associated email to [email protected] , then removed a report about the compromise to which project collaborator DigitalBrainJS was trying to reply. It is unclear how many downstream projects have been impacted by the supply-chain attack during the nearly three-hour exposure window. Given that the Axios npm package has around 400 million monthly downloads , the number may be significant. Axios is an HTTP client for JavaScript applications that manages requests between clients, such as browsers or Node.js apps, and servers. Its purpose is to simplify communication via GET, POST, PUT/PATCH, and DELETE requests. Infection chain After getting access to the package, the attacker injected a malicious dependency called plain-crypto-js@^4.2.1 into the package.json file and did not alter the Axios code. The dependency executes a post-install script during the package’s installation, launching an obfuscated dropper (setup.js) that contacts a command-and-control (C2) server to retrieve a next-stage payload based on the detected operating system. Platform-specific attack chain Source: Endor Labs On Windows, the attack mixes VBScript and PowerShell to run a hidden Command Prompt window and execute a malicious script. The malware copies PowerShell to %PROGRAMDATA%\wt.exe to evade detection and achieve persistence across reboots, then downloads and executes a PowerShell script. On macOS, the malware uses AppleScript to download a binary to /Library/Caches/com.apple.act.mond , mark it as executable, and run it in the background. On Linux systems, the dropper fetches a Python-based payload stored at ‘ /tmp/ld.py ’ and executes it in the background with the nohup (no hang up) command. In all cases, the malware infected the host with a remote access trojan (RAT), allowing attackers to execute commands and maintain persistence on infected systems. The RAT can retrieve and execute a base64-encoded binary that it writes in a hidden temp file, execute shell commands via /bin/sh or AppleScript, and enumerate directories on the infected host. After the infection is completed, the dropper deletes itself, removes the modified package.json , and replaces it with a clean copy to make forensic investigations more difficult. Overview of the attack Source: Socket According to researchers at StepSecurity, the Axios supply-chain attack was not opportunistic , but a carefully planned activity, as "the malicious dependency was staged 18 hours in advance." The fact that different payloads were delivered based on the detected operating system appears to support this theory, along with the self-destruct action for every artifact. John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG) told BleepingComputer that behind the Axios package compromise is a North Korean actor tracked internally as UNC1069 and known to target "centralized exchanges (CEX), software developers at financial institutions, high-technology companies, and individuals at venture capital funds." A security researcher says that the macWebT name of the macOS RAT is a direct reference to malware used by the BlueNoroff hackers in campaigns observed by SentinelOne in 2023. BlueNoroff is a North Korean threat group specialized in financially-motivated cyberattacks. The actor has targeted banks, financial institutions, and cryptocurrency exchanges. Currently, there is no clear information about the threat actor behind the Axios supply-chain attack. Recently, several high-profile supply-chain attacks were claimed by a group known as TeamPCP. The hackers targeted popular open-source software projects like Telnyx , LiteLLM , and Trivy . However, the compromise of the Axios package does not have the characteristics of a TeamPCP attack, and security researchers couldn’t link it to a specific threat actor. Indicators of compromise (IoCs) are available from multiple organizations investigating the Axios supply-chain compromise and include the C2 domain used in the attack, sfrclak.com and other network details along with file system, packages data, and accounts observed in the attack: Endor Labs Socket Aikido StepSecurity OpenSourceMalware Elastic Snyk Huntress Security teams are recommended to check environments for the presence of [email protected] , [email protected] , or any version of plain-crypto-js and treat the system as compromised if any of them is detected. Axios should resolve to versions 1.14.0 or 0.30.3, or downgraded to an earlier version confirmed to be safe. Joe DeSimone of Elastic advises rotating credentials on systems running a compromised version of the Axios package, as the malware may have exfiltrated sensitive data such as keys and tokens. Charles Carmakal, chief technology officer at Mandiant, says that the Axios npm supply-chain attack "is broad and extends to other popular packages that have dependencies on it." The researcher warns that the amount of recent supply-chain incidents is overwhelming and that the secrets stolen this way over the past two weeks will lead to more compromises, crypto theft, ransomware, and extortion events. "We are aware of hundreds of thousands of stolen credentials. A variety of actors with varied motivations are behind these attacks," Carmakal says . Update [March 31, 13:09 EST] : Article updated with information about indicators of compromise and reference to potential BlueNoroff connection. Update [March 31, 14:22 EST]: Added attribution information and comments from Charles Carmakal and John Hultquist. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other. This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Trivy supply-chain attack spreads to Docker, GitHub repos GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX New PhantomRaven NPM attack wave steals dev data via 88 packages Nigerian man gets eight years in prison for hacking tax firms Backdoored Telnyx PyPI package pushes malware hidden in WAV audio Axios Malware npm RAT Remote Access Trojan Supply Chain Supply Chain Attack Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Cisco source code stolen in Trivy-linked dev environment breach Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now FBI confirms hack of Director Patel's personal email inbox Sponsor Posts Attackers aren’t breaking in. They’re logging in. See how these intrusions unfold Is your program ready for agentic GRC? See what shift enterprise teams need to make. Synthetic Identities, Proxies & Real Identities for Sale, is yours next? A unified control plane for all identities, human, non-human, and agentic. 5 Things to Measure in an AI-Driven SOC (That Didn't Exist Before) Upcoming Webinar Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories