Axios attack on NPM injects RAT and compromises thousands of developers

Photo: Axios (reproduction, X)

The popular Axios library, used in numerous JavaScript projects to perform HTTP requests, suffered a supply chain attack that compromised two specific versions published in the NPM registry. Researchers from StepSecurity identified versions 1.14.1 and 0.30.4 as malicious, published in the early hours of March 31, 2026. The packages injected a fake dependency that runs an installation script capable of installing a remote access trojan on developer machines.

The incident exposed the vast development ecosystem that depends on the library, one of the most downloaded on the platform with more than 100 million weekly downloads. The attackers did not change the core code of Axios, but added a hidden dependency called plain-crypto-js@4.2.1. This dependency activated automatically when running npm install, installing specific payloads for Windows, macOS and Linux.

How the maintenance account was compromised

Those responsible for the attack gained access to the NPM account of the project’s main maintainer, identified as jasonsaayman. They changed the associated email address to ifstap@proton.me and manually published the compromised versions, bypassing the repository’s automated continuous integration flows on GitHub. The first malicious version, axios@1.14.1, was released around 00:21 UTC, followed by axios@0.30.4 approximately 39 minutes later.

This approach allowed packages to be made available without triggering signature checks or usual CI/CD processes. Axios maintainers reacted quickly upon discovery, and NPM removed both versions within hours, limiting exposure time to about two to three hours.

Technical details of the injected malware

The false dependency plain-crypto-js@4.2.1 was not imported at any point in the original Axios code, serving exclusively to execute a postinstall script. The script acted as a remote access trojan dropper, establishing contact with a command and control server to download additional payloads tailored to each operating system.

Obfuscation techniques were used to make immediate analysis difficult, with commands decoded at run time. After successful installation, the malware removed its own traces, replacing the package.json file with a clean version to avoid detection in later inspections of the node_modules folder.

  • Checking for affected versions with the npm list axios command, filtering for 1.14.1 or 0.30.4
  • Checking for the presence of the node_modules/plain-crypto-js folder as an indicator of compromise
  • Searching for artifacts such as the temporary file /tmp/ld.py or equivalents on other systems

Recommended mitigation measures for developers

Developers who installed versions 1.14.1 or 0.30.4 should consider the environment compromised and take immediate action. The main recommendation is to revert to the previous secure versions: axios@1.14.0 in the latest branch or axios@0.30.3 in the legacy version.

It is essential to remove the fake dependency, perform a clean install with the --ignore-scripts flag, and rotate all sensitive credentials, including NPM tokens, SSH keys, cloud service accesses, and environment variables. In continuous integration pipelines, permanently adopting the setting that ignores post-installation scripts helps prevent unwanted automatic executions.
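The "permanently adopt" part of that advice is an .npmrc setting rather than a flag typed each time. The POSIX shell snippet below is an added example for this article, not tooling from Axios or NPM; it writes ignore-scripts=true into a project's .npmrc idempotently (replacing any conflicting value), and wraps the remediation steps named above in one function. The remediate function calls npm and needs network access, so it is defined but not run automatically; the safe version numbers are the ones the article gives.

```shell
#!/bin/sh
# Added example (not from the article): harden an npm project so lifecycle
# scripts such as postinstall never run, and pin axios to the last clean
# releases named in the article.
set -eu

SAFE_AXIOS_LATEST="1.14.0"   # last clean 1.x release per the article
SAFE_AXIOS_LEGACY="0.30.3"   # last clean 0.x release per the article

# Ensure exactly one "ignore-scripts=true" line exists in <project_dir>/.npmrc.
# Safe to call repeatedly; an existing "ignore-scripts=false" is replaced.
harden_npmrc() {
  rc="$1/.npmrc"
  touch "$rc"
  if grep -q '^ignore-scripts=true$' "$rc"; then
    return 0
  fi
  grep -v '^ignore-scripts=' "$rc" > "$rc.tmp" || true   # drop conflicting values
  echo 'ignore-scripts=true' >> "$rc.tmp"
  mv "$rc.tmp" "$rc"
}

# Exit status 0 when the project's .npmrc disables lifecycle scripts.
npmrc_ignores_scripts() {
  grep -q '^ignore-scripts=true$' "$1/.npmrc" 2>/dev/null
}

# Remediation for a checkout that pulled a malicious version.
# Usage: remediate <project_dir> <safe_version>   (requires npm and network)
remediate() {
  cd "$1"
  rm -rf node_modules/plain-crypto-js node_modules/axios   # remove dropper and poisoned copy
  harden_npmrc .                                           # scripts stay off for future installs
  npm install --ignore-scripts "axios@$2"                  # reinstall the known-good release
  npm ls axios                                             # confirm no 1.14.1 / 0.30.4 remains
  echo "remember to rotate NPM tokens, SSH keys, cloud credentials and env secrets"
}
```

Run remediate with "$SAFE_AXIOS_LATEST" or "$SAFE_AXIOS_LEGACY" depending on the branch the project tracks. With ignore-scripts=true in place, any dependency that genuinely needs a build step must be handled explicitly (for example with npm rebuild for that one package), which is the point: script execution becomes an opt-in decision rather than a side effect of npm install.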

Impact on the JavaScript development ecosystem

Axios is among the most used libraries in the Node.js ecosystem and in front-end applications, being a direct or indirect dependency of numerous corporate and open source projects. The attack highlights the inherent vulnerability of individual maintainer accounts in highly popular packages, even when the core code remains intact.

Security experts note that the method used demonstrates operational sophistication, with prior preparation of the false dependency in a clean version before injecting the malicious payload. This strategy complicated initial automatic detections and increased risk during the short period in which the versions were available.

Guidelines for checking and cleaning affected environments

Development teams need to audit installation logs and package history to identify whether malicious versions were downloaded. The presence of the plain-crypto-js folder in node_modules serves as a strong indicator that the dropper was executed, regardless of later file removal.

After cleaning, it is recommended to fully scan systems with threat detection tools and monitor network connections to addresses associated with the control server. Immediately updating security policies in private repositories also helps reduce similar risks in other packages.

Preventing future attacks on package registries

The incident reinforces the importance of measures such as strict multi-factor authentication on publishing accounts, continuous monitoring of changes to package metadata, and adopting more robust integrity checks. Open source projects with high adoption may consider additional review processes before new releases.

Individual developers and companies should prioritize pinning known safe versions in project configuration files, avoiding automatic installation of updates without prior validation. These practices help limit the attack surface in software supply chains.

The security community continues to monitor the case to map possible victims and refine detection tools. At this time, there are no public reports of large-scale exploitation, but the unanimous recommendation is to treat any installation of the affected versions as a total compromise of the system involved.