~/home/news/critical-supply-chain-compromise-2026-04-01
newsWednesday, April 1, 20268 min read👁 56 views

Critical Supply-Chain Compromise of Axios npm Package Delivers Cross-Platform RAT

The official Axios npm package ([email protected]) was hijacked, pulling in a malicious dependency (plain-crypto-js) that installs a remote-access Trojan on Windows, Linux and macOS. The attack, which bypassed GitHub Actions CI, has a blast radius of over 300 million downloads.

supply-chainnpmaxiossecurity

Overview/Introduction

On 30 March 2026 a highly-visible supply-chain attack struck the Axios HTTP client library - one of the most downloaded JavaScript packages on npm. The official [email protected] package was compromised to automatically pull in a new, malicious dependency called [email protected]. That dependency drops a cross-platform Remote Access Trojan (RAT) capable of persisting on Windows, macOS and Linux systems.

With more than 300 million total downloads across the npm registry, the incident represents one of the largest single-package supply-chain compromises in recent memory. The attacker hijacked the maintainer’s npm account, published a clean version of the dependency to establish credibility, and then slipped in the malicious payload just before midnight UTC, effectively bypassing the project's GitHub Actions CI pipeline.

Technical Details

CVE Information

At the time of writing no CVE identifier has been assigned. Security researchers anticipate a CVE-2026-XXXXX will be issued once the vulnerability is catalogued by MITRE.

Attack Vector & Exploitation Method

  • Account takeover: The primary maintainer, Jason Saayman, had his npm account compromised. The attacker changed the account’s email to an anonymous ProtonMail address, locking the legitimate owner out.
  • Package publishing abuse: Using the npm CLI, the attacker published two versions of a new package, plain-crypto-js.
  • Dependency injection: The compromised [email protected] package added plain-crypto-js as a runtime dependency. When a project installed Axios, npm automatically fetched the malicious package.
  • Payload delivery: Upon installation, the malicious script writes platform-specific backdoor files:
    • Windows - %PROGRAMDATA%\wt.exe
    • macOS - /Library/Caches/com.apple.act.mond
    • Linux - /tmp/ld.py
  • C2 communications: The backdoor contacts sfrclak.com (IP 142.11.206.73) over HTTPS, exchanging a short JSON beacon that includes the host identifier and basic system information.

Why Traditional Scanning Missed It

The attacker deliberately staged the attack over an 18-hour window. By first publishing a clean version of plain-crypto-js, automated tools that flag new packages with no history were satisfied. The malicious version appeared only after the clean version had built a reputation, allowing it to slip past both npm’s “npm audit” and the GitHub Actions workflow that normally runs npm install and security linting.

Impact Analysis

The blast radius is enormous:

  • Over 300 million total downloads of axios (cumulative, not just weekly) across public and private registries.
  • Any Node.js project that depends on [email protected] or a version range that resolves to it will automatically fetch the malicious dependency.
  • Enterprises that use Axios in backend services, serverless functions, CI pipelines, or desktop-electron apps are all at risk.
  • Because the RAT is cross-platform, the impact spans Windows servers, Linux containers, and macOS CI runners.

From a risk perspective, the compromise meets the classic CIA triad breach:

  • Confidentiality: The RAT can exfiltrate files, environment variables, and credentials.
  • Integrity: Attackers can modify code or configuration at runtime.
  • Availability: Persistent backdoors enable lateral movement and potential ransomware deployment.

Timeline of Events

2026-03-29 12:00 UTC - Attacker gains access to maintainer’s npm account.
2026-03-29 14:15 UTC - Email address changed to anonymous ProtonMail.
2026-03-29 18:30 UTC - First clean package published: [email protected].
2026-03-30 22:45 UTC - Malicious package published: [email protected].
2026-03-30 23:50 UTC - [email protected] released, pulling in [email protected].
2026-03-31 00:05 UTC - Security vendor Socket’s automated monitoring flags new dependency.
2026-03-31 04:00 UTC - Step Security publishes technical analysis.
2026-03-31 08:00 UTC - Public advisory issued by multiple security firms.
2026-04-01 09:00 UTC - RootShell.blog publishes detailed investigation.

Mitigation/Recommendations

  • Immediate version pinning: Freeze Axios to 1.14.0 or 0.30.3. Update package-lock.json/yarn.lock accordingly.
  • Audit dependencies: Run npm audit and npm ls plain-crypto-js to locate any installations of the malicious package.
  • Remove malicious binaries: Search for the known backdoor file paths and delete them. On Windows, also remove the scheduled task or service that may have been created.
  • Network detection: Block outbound traffic to sfrclak.com (IP 142.11.206.73) at the firewall level. Look for DNS queries or TLS handshakes to that domain.
  • Rotate credentials: Any secrets that may have been exposed (API keys, DB passwords, cloud tokens) should be rotated immediately.
  • Enable two-factor authentication (2FA): All npm accounts with publishing rights must enforce 2FA to prevent future hijacks.
  • Adopt SCA tools with provenance checks: Tools that verify package signatures (e.g., Sigstore, npm’s npm pkg verification) can flag unsigned or newly-published packages.
  • CI hardening: Do not rely solely on downstream CI pipelines to catch malicious dependencies. Incorporate upstream SBOM generation and verification as part of the build.

Real-World Impact

Enterprises that ship micro-services with Axios as their HTTP client may have inadvertently deployed a persistent backdoor to production clusters. For example, a fintech API gateway that pulls market data via Axios could now be exfiltrating transaction logs to the attacker’s C2 server.

In the open-source world, countless hobbyist projects, CLI tools, and Electron desktop applications have already been compromised. Users of popular frameworks (Next.js, NestJS, React Native) that bundle Axios as a transitive dependency are also at risk.

Beyond direct compromise, the incident erodes trust in the npm ecosystem. Developers now face the dilemma of either freezing critical dependencies or investing in expensive supply-chain security solutions.

Expert Opinion

As a senior cybersecurity analyst, I view this attack as a watershed moment for JavaScript supply-chain security. The attacker demonstrated a deep understanding of npm’s publishing workflow and leveraged social engineering (account takeover) to subvert the entire CI pipeline. The staged release-clean package followed by malicious payload-shows that automated scanners are still vulnerable to reputation-based evasion.

Two broader implications emerge:

  1. Identity hygiene is paramount. Maintaining strict 2FA, monitoring account activity, and rotating npm tokens must become baseline practice for any organization that publishes to public registries.
  2. Provenance and reproducibility will be non-negotiable. Future npm releases are likely to require signed packages, deterministic builds, and immutable SBOMs. Enterprises should start integrating tools like Sigstore and OpenSSF Scorecard into their pipelines today.

In short, the Axios compromise is a stark reminder that the weakest link in a software supply chain is often the human factor-credential theft. The industry must shift from reactive “patch-after-the-fact” models to proactive identity and provenance controls.