
Axios NPM Packages Compromised in Active Supply Chain Attack

A severe and sophisticated supply chain attack has struck the widely used Axios HTTP client on the npm registry, exposing millions of developers worldwide to a cross-platform remote access trojan (RAT) capable of executing arbitrary commands and harvesting sensitive system data.

Maintainer Account Hijacked

The attack originated from a compromised maintainer account. According to StepSecurity, threat actors seized control of the jasonsaayman npm account (belonging to Axios’s lead maintainer), changed the registered email to an anonymous ProtonMail address, and manually published two malicious versions: axios@1.14.1 and axios@0.30.4.

Neither release has a corresponding GitHub commit or tag, confirming the attackers bypassed the project’s normal GitHub Actions CI/CD pipeline entirely.

The situation worsened when maintainers discovered the attacker’s account permissions exceeded their own, preventing immediate access revocation.

The Phantom Dependency

Both poisoned versions injected a fake dependency, plain-crypto-js@4.2.1, a package that did not exist before the attack.

Attackers pre-staged this malicious dependency approximately 18 hours before the Axios compromise, using a caret range, so any new npm install would automatically pull it.

The package is never actually used in the Axios source code; its sole purpose is to trigger a postinstall lifecycle hook that drops the RAT.

The postinstall hook executes a dropper script named setup.js, protected by a two-layer obfuscation scheme combining Base64 string reversal and a hardcoded XOR cipher to evade static analysis and signature-based detection.

Once decoded, the script identifies the host operating system and contacts the attacker’s command-and-control (C2) server at sfrclak[.]com (IP: 142.11.206.73) to retrieve a platform-specific second-stage payload.

Cross-Platform Payloads

The malware delivers tailored RATs for each operating system:

  • macOS — A C++ Mach-O RAT disguised as a legitimate Apple background daemon, saved to /Library/Caches/com.apple.act.mond, capable of system fingerprinting and executing signed malicious binaries
  • Windows — PowerShell disguised as Windows Terminal executes a hidden VBScript to download the final payload while bypassing execution policies
  • Linux — A detached Python script (/tmp/ld.py) runs silently in the background

All variants communicate with the C2 server using HTTP POST requests formatted to mimic normal npm registry traffic.

Evidence Destruction

After successful execution, the malware deletes the setup.js dropper and the malicious package.json, then renames a pre-staged clean markdown file to replace the removed configuration, making the infected directory appear to be a harmless cryptography library with no remaining malicious artifacts.

Socket detected the attack within six minutes of publication, but the poisoned versions had already been distributed.

Indicators of compromise reported for this campaign:

Type                Value
Malicious Packages  axios@1.14.1, axios@0.30.4, plain-crypto-js@4.2.1
C2 Server           sfrclak[.]com
C2 IP               142.11.206.73
macOS Artifact      /Library/Caches/com.apple.act.mond
Windows Artifact    %ProgramData%\wt.exe
Linux Artifact      /tmp/ld.py

Remediation Steps

Developers are strongly advised to take the following actions immediately:

  • Downgrade to axios@1.14.0 (1.x users) or axios@0.30.3 (0.x users)
  • Rotate all credentials, API keys, and secrets on any exposed machine
  • Audit network logs for outbound connections to sfrclak[.]com or 142.11.206.73
  • Use --ignore-scripts in CI/CD environments to block malicious postinstall hooks
  • Pin exact dependency versions and scan lockfiles for compromised packages

This marks the third major npm supply chain attack in six months, underscoring the growing risk of publisher account compromise as a primary attack vector against the open-source ecosystem.


The post Axios NPM Packages Compromised in Active Supply Chain Attack appeared first on Cyber Security News.
