
Axios npm supply chain attack: How poisoned releases delivered a cross-platform RAT

When versions 1.14.1 and 0.30.4 of the popular HTTP client were published, the axios npm package pulled in a fake dependency whose postinstall script acted as a remote access trojan (RAT) dropper for macOS, Windows and Linux.

What happened in the Axios npm compromise?

Two newly published versions of the package injected a malicious dependency named “plain-crypto-js” version 4.2.1. The poisoned releases were published using compromised npm credentials for the primary maintainer account, allowing the attacker to publish directly to the registry and bypass the project’s CI/CD pipeline. The malicious versions and the fake dependency are no longer available for download from npm.

How did the malicious package operate?

The fake dependency’s postinstall hook ran an obfuscated Node.js dropper named “setup.js”. Its “sole purpose is to execute a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux,” security researcher Ashish Kurmi said. The dropper reached back to a command-and-control endpoint and retrieved platform-specific second-stage payloads. StepSecurity described the delivery method: “Each platform sends a distinct POST body to the same C2 URL — /product0 (macOS), /product1 (Windows), /product2 (Linux).”

The second-stage macOS binary is a C++ RAT that fingerprints the system and beacons every 60 seconds for commands, supporting actions such as running additional payloads, executing shell commands, enumerating the file system, and terminating the RAT. SafeDep’s analysis of the Linux component found that it supports the same commands as the macOS RAT; however, the Linux sample lacks a persistence mechanism and does not survive across reboots, which suggests either an emphasis on quick exfiltration or use of the RAT to deploy persistence later.
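The two network behaviours described above, the per-platform POST to /product0, /product1 or /product2 and the 60-second command beacon, are concrete enough to hunt for. The following is an added example, not code from the article, from axios, or from the StepSecurity or SafeDep analyses. It runs two detections over constructed egress-proxy log lines; the log format, host names, process name “implant”, beacon path and the C2 host c2.example are all assumptions made for illustration, since the article does not publish the C2 address.

```javascript
// Added example: not code from the article, axios, StepSecurity or SafeDep.
// Two detections built from the behaviour the article describes, run over
// constructed egress-proxy log lines: (1) the dropper's POST to /product0,
// /product1 or /product2 (the per-platform payload fetch) and (2) the
// implant's fixed 60-second command beacon. Log format, host names, process
// names, timestamps and the C2 host are assumptions made for illustration.
"use strict";

// Constructed log lines: "<ISO timestamp> <source host> <process> <method> <url>".
// The process name "implant", the "/cmd" path and the host c2.example are
// placeholders; the article gives the /productN paths but not the C2 host.
const SAMPLE_LOG = `
2025-01-01T10:00:00Z dev-mac-07 node GET https://registry.npmjs.org/axios
2025-01-01T10:00:03Z dev-mac-07 node GET https://registry.npmjs.org/plain-crypto-js
2025-01-01T10:00:05Z dev-mac-07 node POST https://c2.example/product0
2025-01-01T10:00:10Z dev-mac-07 browser GET https://docs.example/page1
2025-01-01T10:00:50Z dev-mac-07 browser GET https://docs.example/page2
2025-01-01T10:01:05Z dev-mac-07 implant POST https://c2.example/cmd
2025-01-01T10:02:05Z dev-mac-07 implant POST https://c2.example/cmd
2025-01-01T10:02:30Z dev-mac-07 browser GET https://docs.example/page3
2025-01-01T10:03:00Z dev-mac-07 browser GET https://docs.example/page4
2025-01-01T10:03:04Z dev-mac-07 implant POST https://c2.example/cmd
2025-01-01T10:04:06Z dev-mac-07 implant POST https://c2.example/cmd
2025-01-01T10:05:05Z dev-mac-07 implant POST https://c2.example/cmd
`;

// Parse one line into an event; returns null for blank or malformed lines.
function parseLine(line) {
  const [ts, host, proc, method, url] = line.trim().split(/\s+/);
  if (!url) return null;
  const u = new URL(url);
  return { t: Date.parse(ts), host, proc, method, dst: u.host, path: u.pathname };
}

function parseLog(text) {
  return text.split("\n").map(parseLine).filter(Boolean);
}

// Mapping quoted from StepSecurity: one path per platform, same C2 URL.
const PLATFORM_BY_PATH = { "/product0": "macOS", "/product1": "Windows", "/product2": "Linux" };

// Detection 1: a POST to one of the three payload paths. The path alone is a
// low-fidelity indicator, so the process that made the request is kept so an
// analyst can confirm it was node running during an install.
function findDropperFetches(events) {
  return events
    .filter((e) => e.method === "POST" && e.path in PLATFORM_BY_PATH)
    .map((e) => ({ host: e.host, proc: e.proc, dst: e.dst, platform: PLATFORM_BY_PATH[e.path] }));
}

// Detection 2: a (host, process, destination) tuple whose requests arrive on a
// fixed period. Flags only if every inter-arrival gap is within toleranceSec
// of periodSec and at least minCount requests were seen.
function findBeacons(events, { periodSec = 60, toleranceSec = 3, minCount = 4 } = {}) {
  const groups = new Map();
  for (const e of events) {
    const key = `${e.host}|${e.proc}|${e.dst}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(e.t);
  }
  const hits = [];
  for (const [key, times] of groups) {
    if (times.length < minCount) continue;
    times.sort((a, b) => a - b);
    const deltas = [];
    for (let i = 1; i < times.length; i++) deltas.push((times[i] - times[i - 1]) / 1000);
    const maxDev = Math.max(...deltas.map((d) => Math.abs(d - periodSec)));
    if (maxDev <= toleranceSec) {
      const [host, proc, dst] = key.split("|");
      hits.push({ host, proc, dst, count: times.length, maxDeviationSec: maxDev });
    }
  }
  return hits;
}

const events = parseLog(SAMPLE_LOG);
console.log("payload fetches:", findDropperFetches(events));
console.log("periodic beacons:", findBeacons(events));
```

The beacon detector deliberately ignores the destination path, because a second stage can change its URL far more cheaply than its polling interval; tighten toleranceSec on networks with little proxy queuing, and raise minCount to cut false positives from legitimate pollers.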

What should affected projects and developers do?

Users who have Axios versions 1.14.1 or 0.30.4 installed should rotate their secrets and credentials immediately and downgrade to the safe versions (1.14.0 or 0.30.3). Because the dropper runs from a postinstall hook, every machine that installed a poisoned version, including developer workstations and CI runners, should be treated as exposed, not only production hosts. The attack involved a pre-staged malicious dependency and pre-built payloads for three operating systems; “The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes,” Kurmi said. The analyses also note that the attacker changed the maintainer account’s registered email address to a Proton Mail address and that the fake dependency was published by an npm user with a Proton Mail address, suggesting the actor obtained a long-lived classic npm access token and used it to take control of publishing.
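The remediation above amounts to two checks a team can script: whether the lockfile resolves the poisoned versions or the staged dependency named earlier, and which dependencies register install-time lifecycle scripts at all, since that hook is how the dropper in the section above was executed. The following is an added example, not code from the article, from axios, or from the StepSecurity or SafeDep analyses. It assumes a package-lock.json of lockfileVersion 2 or 3 (a “packages” map keyed by “node_modules/<name>”, with npm’s hasInstallScript flag on entries that declare install hooks); the sample lockfile and manifest are constructed for illustration.

```javascript
// Added example, not code from the article or from axios/StepSecurity/SafeDep.
// Audits an npm lockfile (lockfileVersion 2 or 3, "packages" map keyed by
// "node_modules/<name>") for the indicators named in the article and for any
// dependency that registers an install-time lifecycle script, which is the
// mechanism the poisoned release used. The lockfile and manifest below are
// constructed samples.
"use strict";

// Indicators from the article: the two poisoned axios releases and the
// pre-staged dependency they pulled in. Values map bad version -> safe
// version to pin, or null when the package should simply be removed.
const MALICIOUS_VERSIONS = {
  axios: { "1.14.1": "1.14.0", "0.30.4": "0.30.3" },
  "plain-crypto-js": { "4.2.1": null },
};

// Hooks npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Walk the lockfile's "packages" map and return findings, critical first.
function auditLockfile(lockfile) {
  const findings = [];
  for (const [key, entry] of Object.entries(lockfile.packages || {})) {
    if (key === "") continue; // the root project itself
    const name = packageNameFromKey(key);
    const known = MALICIOUS_VERSIONS[name];
    if (known && Object.prototype.hasOwnProperty.call(known, entry.version)) {
      findings.push({
        severity: "critical",
        name,
        version: entry.version,
        reason: "known malicious release",
        remediation: known[entry.version]
          ? `pin ${name}@${known[entry.version]} and rotate secrets`
          : `remove ${name} and rotate secrets`,
      });
    } else if (entry.hasInstallScript) {
      // npm sets hasInstallScript on entries whose package.json declares an install hook.
      findings.push({
        severity: "review",
        name,
        version: entry.version,
        reason: "declares an install-time lifecycle script",
        remediation: "inspect the script; consider ignore-scripts=true in .npmrc",
      });
    }
  }
  const rank = { critical: 0, review: 1 };
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity]);
}

// Inspect one package.json "scripts" map and return the install hooks it
// declares with their commands, so a reviewer sees exactly what would run.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((h) => h in scripts).map((h) => ({ hook: h, command: scripts[h] }));
}

// Constructed sample lockfile: a project that resolved the poisoned 1.14.1
// release, which pulled in the staged dependency; a third package declares
// its own (legitimate) install hook and should merely be reviewed.
const SAMPLE_LOCKFILE = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/some-native-lib": { version: "2.0.0", hasInstallScript: true },
    "node_modules/other-lib": { version: "1.0.0" },
  },
};

// Constructed manifest shaped like the staged dependency the article describes:
// its only job is to run the dropper from postinstall.
const SAMPLE_MANIFEST = {
  name: "plain-crypto-js",
  version: "4.2.1",
  scripts: { postinstall: "node setup.js" },
};

for (const f of auditLockfile(SAMPLE_LOCKFILE)) {
  console.log(`[${f.severity}] ${f.name}@${f.version}: ${f.reason} -> ${f.remediation}`);
}
console.log(installHooks(SAMPLE_MANIFEST));
```

Run it against a real lockfile by replacing SAMPLE_LOCKFILE with the parsed file; for a fleet, the same map of indicators can be fed into whatever SBOM tooling already ingests lockfiles. Installing with `npm ci --ignore-scripts` (or `ignore-scripts=true` in .npmrc) stops install hooks from running at all, at the cost of breaking packages that genuinely need them, which is why the “review” findings are listed rather than blocked.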

The compromise struck an extremely widely used library: Axios has more than 83 million weekly downloads, spanning frontend frameworks, backend services, and enterprise applications. That scale is central to why users are being asked to act quickly when removing the poisoned versions and rotating any credentials that may have been exposed.

StepSecurity and SafeDep provided technical analysis of the campaign, and Kurmi highlighted the attacker’s steps to evade detection: after execution, the malware deletes itself and replaces its own package.json with a clean version to frustrate forensic review. A practical consequence is that inspecting the installed package’s package.json after the fact is not a reliable check; the lockfile, registry metadata and install logs are better evidence of what was actually pulled in.

The axios npm incident illustrates the tangible risk of supply chain compromise in widely distributed packages, and the immediate remediation guidance is clear: remove the impacted releases, rotate secrets, and move to the specified safe versions while teams investigate any signs of compromise.
