On March 31, 2026, the cybersecurity landscape was shaken by a significant supply chain attack targeting Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem with over 83 million weekly downloads. Attackers compromised a maintainer account to inject a cross-platform remote access trojan (RAT) into two malicious package versions.
Attack Vector: Maintainer Account Compromise
According to The Hacker News, the threat actor compromised the npm account of “jasonsaayman,” the primary Axios maintainer, and changed its registered email address to a Proton Mail address under their control (“ifstap@proton.me”). Using stolen credentials, the attackers bypassed the project’s GitHub Actions CI/CD pipeline to manually publish two malicious versions:
- axios@1.14.1 (published March 31, 00:21 UTC)
- axios@0.30.4 (published March 31, 01:00 UTC)
Phantom Dependency Injection
Rather than embedding malicious code directly into Axios, the attackers employed a subtle technique: they injected a fake dependency called “plain-crypto-js@4.2.1” that was never referenced in the Axios source code. This phantom dependency’s sole purpose was to execute a postinstall script that deployed the RAT. The clean version (4.2.0) was staged 18 hours before the attack to establish credibility.
Cross-Platform RAT Capabilities
The malware delivered platform-specific payloads targeting macOS, Windows, and Linux systems, each communicating with a C2 server at sfrclak.com:8000:
- macOS: AppleScript payload saves a trojan binary to /Library/Caches/com.apple.act.mond and executes it via /bin/zsh
- Windows: Disguises PowerShell as Windows Terminal (wt.exe), uses VBScript to fetch and execute a PowerShell RAT with registry persistence
- Linux: Downloads Python RAT script to /tmp/ld.py and executes via nohup in the background
All variants support system fingerprinting, shell command execution, file system enumeration, and the ability to run additional payloads. The Windows variant uniquely establishes persistence through a Registry Run key.
Anti-Forensics and Stealth
StepSecurity researchers noted the attack’s emphasis on evasion. After execution, the dropper deleted itself and replaced its package.json with a clean version to conceal evidence of compromise. The cleanup occurred within 36 seconds of installation—just enough time to establish persistence before covering tracks.
“This was not opportunistic. The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct.”
— Ashish Kurmi, StepSecurity
Timeline
- March 30, 05:57 UTC: Clean plain-crypto-js@4.2.0 published
- March 30, 23:59 UTC: Malicious plain-crypto-js@4.2.1 published
- March 31, 00:21 UTC: axios@1.14.1 published via compromised account
- March 31, 01:00 UTC: axios@0.30.4 published
- ~03:15 UTC: Both malicious Axios versions removed from npm
- 03:25 UTC: npm places security hold on plain-crypto-js
Immediate Actions Required
Developers who installed axios@1.14.1 or axios@0.30.4 should treat their systems as fully compromised. Safe versions include 1.14.0 and 0.30.3. Recommended remediation steps:
- Rotate all credentials, including API keys and tokens immediately
- Review network logs for connections to sfrclak.com or packages.npm.org
- Rebuild affected systems entirely rather than attempting partial cleanup
- Reinstall dependencies with scripts disabled (npm install –ignore-scripts)
- Audit your package-lock.json for any reference to plain-crypto-js
Why This Matters
This attack demonstrates the fragility of the npm supply chain. A single compromised maintainer account can impact millions of developers worldwide. The malicious versions were available for approximately three hours, but given Axios’s massive download volume, the blast radius could be substantial.
As SafeDep noted: “No Axios source files were modified, making traditional diff-based code review less likely to catch it. The malicious behavior lives entirely in a transitive dependency, triggered automatically by npm’s postinstall lifecycle.”
Source: The Hacker News | StepSecurity
