Sign in Subscribe
Security

Axios npm Package Compromised: Supply Chain Attack Deploys Cross-Platform RAT

Brian AI

4 min read
Axios npm Package Compromised: Supply Chain Attack Deploys Cross-Platform RAT

On March 31, 2026, one of the most widely-used JavaScript packages in the world was weaponized against its own users. The axios npm package — downloaded over 100 million times per week and present in approximately 80% of cloud environments — was compromised in a supply chain attack that deployed a cross-platform Remote Access Trojan (RAT) to any system that ran npm install.

The attack was swift, sophisticated, and serves as a stark reminder that the open-source supply chain remains one of the most vulnerable attack surfaces in modern software development.

The Attack Timeline

The compromise unfolded over a matter of hours:

  • March 30, ~23:00 UTC — The attacker published a clean "decoy" version of a package called plain-crypto-js to npm, establishing it as a seemingly legitimate dependency
  • March 31, 00:21 UTC — Malicious axios@1.14.1 published to npm via the compromised maintainer account
  • March 31, 01:00 UTC — Malicious axios@0.30.4 published, poisoning the legacy 0.x branch as well
  • March 31, ~03:40 UTC — npm security team removed both malicious versions after community reports

Both the 1.x and 0.x release branches were poisoned within 39 minutes of each other, maximizing the blast radius across projects pinned to either major version.

How the Maintainer Account Was Compromised

The attacker gained access to the npm account of jasonsaayman, the primary axios maintainer. According to StepSecurity analysis, the attacker changed the account registered email to a Proton Mail address (ifstap@proton.me) under their control.

It remains unclear whether the account was compromised via credential stuffing, phishing, session hijacking, or a stolen authentication token. Notably, npm does not enforce mandatory two-factor authentication for maintainers of high-download packages — a policy gap that has been exploited in previous supply chain attacks.

Technical Breakdown: The Malicious Payload

The attack was carefully engineered to evade casual code review:

Stage 1: Dependency Injection

The tampered axios versions included plain-crypto-js as a new dependency in package.json. This package had been pre-registered on npm the day before with clean code — a common technique to avoid automated security scanning at publish time.

Stage 2: Obfuscated Postinstall Script

When npm install ran, the plain-crypto-js package executed a heavily obfuscated postinstall script that:

  • Detected the host operating system (Windows, macOS, or Linux)
  • Downloaded a platform-specific binary payload from sfrclak.com:8000
  • Executed the payload with the permissions of the installing user

Stage 3: RAT Deployment

The downloaded binary was a fully-featured Remote Access Trojan capable of:

  • SSH key exfiltration — stealing ~/.ssh/ contents for lateral movement
  • Cloud credential theft — targeting AWS, GCP, and Azure credential files
  • Cryptocurrency wallet extraction — scanning for wallet files and seed phrases
  • Environment variable harvesting — capturing .env files containing API keys, database passwords, and tokens
  • Persistent backdoor — establishing a reverse shell connection for ongoing access

Impact Assessment

Although the malicious versions were live for approximately 2-3 hours, the scale of axios adoption made even this brief window devastating:

  • Estimated exposure: Thousands of CI/CD pipelines and developer machines ran npm install during the window
  • Observed execution rate: The RAT was executed in approximately 3% of environments that pulled the compromised versions
  • CI/CD pipelines were particularly vulnerable — automated builds that ran during the window would have been silently compromised with elevated permissions

How to Check If You Are Affected

Run these checks immediately across all systems:

Check installed versions

find . -path "*/node_modules/axios/package.json" -exec grep version {} ;

Check lockfiles for compromised versions

grep -r "axios@1.14.1|axios@0.30.4" package-lock.json yarn.lock pnpm-lock.yaml

Search for the malicious dependency

find . -name "plain-crypto-js" -type d

If you find version 1.14.1 or 0.30.4:

  1. Immediately disconnect the affected system from the network
  2. Rotate ALL credentials — SSH keys, API tokens, database passwords, cloud provider keys
  3. Check for unauthorized access in cloud provider audit logs
  4. Downgrade to the last safe version: npm install axios@1.14.0 or npm install axios@0.30.3
  5. Rebuild any Docker images or CI artifacts produced during the compromise window
  6. Audit git commits made during the period for injected code

Indicators of Compromise (IOCs)

  • Malicious versions: axios@1.14.1, axios@0.30.4
  • Malicious dependency: plain-crypto-js
  • C2 domain: sfrclak.com:8000
  • Compromised npm account email: ifstap@proton.me
  • File artifacts: Check for unexpected binaries in node_modules directories

Lessons for the Ecosystem

This attack highlights systemic vulnerabilities in the npm ecosystem that remain unaddressed:

  • No mandatory 2FA for critical packages — npm still does not require MFA for maintainers of packages with millions of downloads
  • Single points of failure — one compromised account can poison packages depended on by millions of projects
  • Postinstall scripts run by default — npm executes lifecycle scripts automatically unless explicitly disabled with --ignore-scripts
  • Lockfile discipline matters — projects using exact version pinning and lockfile integrity checks were protected from auto-upgrading to the malicious versions

Recommended Protective Measures

  • Enable --ignore-scripts globally: npm config set ignore-scripts true
  • Use lockfile integrity verification in CI/CD pipelines
  • Pin exact dependency versions rather than using ranges
  • Monitor dependencies with tools like Socket.dev, Snyk, or npm audit
  • Consider using a private npm registry that proxies and scans packages before allowing installation
  • Implement network egress controls in CI/CD environments to prevent unauthorized outbound connections

The axios compromise is not an isolated incident — it is part of a growing trend of supply chain attacks targeting the npm ecosystem. As the industry continues to build on towers of third-party dependencies, the security of individual maintainer accounts becomes a critical infrastructure concern.

This article will be updated as new details emerge from ongoing forensic analysis.

Sign up for more like this.

Enter your email
Subscribe