
Axios JavaScript Library Hit by Major Supply Chain Attack Delivering Cross-Platform RAT


On March 31, 2026, the widely used Axios HTTP client library was compromised in a supply chain attack that delivered cross-platform malware to a potential audience of millions of developers. Two malicious npm versions (1.14.1 and 0.30.4) were published from a compromised maintainer account. Publishing straight to the registry let the attacker skip the project's normal release pipeline and inject a hidden dependency that deployed remote access trojan (RAT) malware on Windows, macOS, and Linux systems.

Axios is a core JavaScript HTTP client used across frontend frameworks like React, Vue, and Angular, as well as backend Node.js applications, making the impact particularly widespread.

The attack was staged over roughly 18 hours. It began on March 30 with a benign first version of a newly created package, plain-crypto-js, to give the package an innocuous publishing history. Later that day, a malicious version of the same package was published with a hidden postinstall script. Shortly after, the compromised Axios versions were pushed live.

The malicious releases were available for about three hours before being removed. Axios sees over 83 million weekly downloads, so even that short window reached a large number of projects and build pipelines that installed or updated Axios during it.

Attack Method and Technical Analysis

The attacker gained access to the maintainer's npm account using a long-lived access token. They changed the account email, locked out the legitimate owner, and published the packages directly to npm with that token. Because the releases never went through the project's GitHub repository, none of its CI or security checks were triggered.

The malicious code never appeared in the Axios source itself. Instead, both compromised versions added plain-crypto-js@4.2.1 to their dependencies, so it was installed transitively by every project that pulled in either version. This package contained a postinstall script that acted as a malware dropper; npm runs install-time lifecycle scripts automatically during installation unless they are explicitly disabled.

Once installed, the script detected the operating system and ran a platform-specific stage:

macOS: Downloaded a trojan binary, saved it under a hidden cache directory, executed it, and removed traces of the installer. The malware then beaconed to a command-and-control server every 60 seconds.

Windows: Dropped a PowerShell binary under a misleading name, executed a VBScript, and pulled a remote payload before cleaning up evidence.

Linux: Downloaded and executed a Python-based RAT in the background, detached with nohup so that it survived the installing shell session being closed (nohup keeps the process alive, but it is not persistence across reboots).

Malware Capabilities

The RAT allowed attackers to execute commands, deploy additional payloads, and enumerate the file system. It had no persistence mechanism of its own, so it would not survive a reboot, which suggests the goal was rapid access, data exfiltration, or staging further compromise rather than long-term residence.

Forensic Evasion

The attackers took deliberate steps to hide the compromise. After execution, the malware deleted the postinstall script, removed references to it from the installed package metadata, and replaced modified files with clean versions.

This means that even after infection, inspecting the installed copy under node_modules would show no obvious signs of tampering, which makes detection significantly harder. As described, the cleanup is limited to the package's own files: the lockfile written at install time, package manager and CI logs, and network telemetry still record the dependency and the beaconing, so detection should rely on those rather than on the installed tree.

Impact

Axios is deeply embedded in modern applications, from frontend frameworks to backend services and CI/CD pipelines. This gives the attack a potentially massive blast radius across organizations and environments.

Additional malicious packages were also identified that distributed the same payload by bundling it as a dependency, further expanding exposure.

Response

The malicious packages have been removed from npm, and the Axios maintainers are investigating the compromise. Removal from the registry does not clean any system that installed these versions during the exposure window, however; such systems may still be running the RAT and should be treated as compromised until checked.

Indicators of Compromise

  • Axios versions 1.14.1 or 0.30.4 present
  • plain-crypto-js@4.2.1 in dependencies
  • macOS: /Library/Caches/com.apple.act.mond
  • Windows: %PROGRAMDATA%\wt.exe
  • Linux: /tmp/ld.py
  • Outbound connections to sfrclak.com:8000

Recommended Actions

Check: Search projects, lockfiles, container images and CI caches for the affected Axios versions and for plain-crypto-js (the package was created for this attack, so any version of it is suspect).

Fix: Pin Axios to a known-good version that is not on the list above, remove plain-crypto-js from the dependency tree, and reinstall from a clean lockfile.

Clean: Remove any identified malware artifacts. Because the RAT could execute arbitrary commands and fetch further payloads, a host that ran the dropper should be rebuilt rather than spot-cleaned.

Rotate: Change all credentials and tokens reachable from affected systems, including npm publish tokens, SSH keys, and cloud and CI secrets, since the RAT could read the file system.

Monitor: Block sfrclak.com at DNS and egress, and watch for outbound connections to it on port 8000 as well as other unexpected fixed-interval beaconing.

Industry Impact

This incident highlights ongoing risks in the npm ecosystem, especially around long-lived access tokens and package publishing controls: a single token that never expired, held by one maintainer, was enough to publish releases outside the project's review process. Maintainers should audit and revoke such tokens (npm token list, npm token revoke) in favour of short-lived, narrowly scoped credentials. The incident also shows how attackers are evolving to bypass traditional code review and forensic analysis techniques.

The full impact is still being investigated.


K4CGS

K4CGS is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.
