axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
A maintainer account for the widely-used axios npm package was compromised and used to publish poisoned versions 1.14.1 and 0.30.4. The malicious releases contained a hidden dependency that drops a cross-platform remote access trojan (RAT).
- Disclosed: April 9, 2026
- Last updated: June 7, 2026
- Blast radius: Extremely widespread; axios is a core HTTP client library with millions of weekly downloads and deep integration across JavaScript/Node.js ecosystems
- Ecosystems: npm
- Attack vectors: Account takeover
- Affected entities: axios · 1.14.1, 0.30.4
The axios npm package, one of the most popular HTTP client libraries in the JavaScript ecosystem, was compromised through a hijacked maintainer account. Attackers published malicious versions 1.14.1 and 0.30.4 that pull in a hidden dependency designed to deliver a cross-platform remote access trojan.
The attack vector was takeover of a package maintainer's account, which let the attacker publish poisoned releases directly to npm without touching the source repository; the project's git history therefore shows no trace of the change, and review of the repository alone would not have caught it. The RAT payload provides remote access on Windows, macOS, and Linux, so any system that installed or updated to either of these versions should be treated as potentially compromised, not merely as running a bad package version.
According to the source, this incident is actively being investigated with a full technical analysis to follow. The widespread adoption of axios in production environments, build pipelines, and CI/CD systems means the potential blast radius is extremely large.
Indicators of compromise
- Packages
- axios@1.14.1
- axios@0.30.4
Remediation
- Immediately audit npm access tokens and authentication credentials associated with maintainer accounts, and revoke any that are unexpected or no longer needed
- For all systems: verify that the installed axios version is not 1.14.1 or 0.30.4 (for example with `npm ls axios`); if it is, pin to a known-good version that is not one of the two. Because the malicious release drops a RAT, removing or downgrading the package does not remove a payload that has already executed: treat the host as compromised and rotate any credentials it could reach (npm tokens, CI/CD secrets, cloud keys, SSH keys)
- Scan systems for network connections to unknown C2 servers and for suspicious process execution initiated by the RAT
- Review package-lock.json, yarn.lock, and pnpm-lock.yaml files to identify which projects locked these poisoned versions
- Enable npm 2FA (two-factor authentication) on all npm accounts with publish permissions
- Monitor npm audit feeds and security advisories for official patched releases from the axios maintainers
- If you run your own registry or proxy, apply filters to block these specific versions from being installed downstream
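The version check and the lockfile review above are easy to get wrong by hand, because a poisoned axios can sit nested under another package rather than hoisted to the top of node_modules. The following Node.js script is an added example, not code from the axios project or from supplychainattack.org: it scans package-lock.json (lockfile v1, v2 and v3) and yarn.lock (Yarn 1 and Yarn 2+ formats) for the two versions named in this entry and reports every install path or specifier that resolved to them. The sample lockfile contents embedded at the bottom, including the "legacy-client" and "demo-app" package names, are constructed for illustration.

```javascript
// Added example, not code from the axios project or from supplychainattack.org:
// scan package-lock.json and yarn.lock for the poisoned axios releases named in
// this entry. The sample lockfile contents at the bottom are constructed.
const PACKAGE = "axios";
const BAD_VERSIONS = new Set(["1.14.1", "0.30.4"]);

// package-lock.json / npm-shrinkwrap.json. lockfileVersion 2 and 3 carry a flat
// "packages" map keyed by install path; v1 nests "dependencies" recursively.
// v2 carries both, so the nested walk only runs when "packages" is absent.
function scanPackageLock(json) {
  const lock = JSON.parse(json);
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // "node_modules/a/node_modules/@s/b" -> "@s/b"; "" is the root project.
      const name = path.split("node_modules/").pop();
      if (path !== "" && name === PACKAGE && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Package name from a yarn.lock specifier: axios@^1.14.0, "axios@npm:^1.14.0"
// (Yarn 2+) or "@scope/pkg@^1.0.0".
function nameFromSpecifier(spec) {
  const s = spec.trim().replace(/^"|"$/g, "");
  return s.startsWith("@") ? "@" + s.slice(1).split("@")[0] : s.split("@")[0];
}

// yarn.lock, v1 text format or the Yarn 2+ YAML-like format. An entry is an
// unindented header ending in ":" listing one or more specifiers, followed by
// indented fields, one of which is the resolved version.
function scanYarnLock(text) {
  const hits = [];
  let header = null;
  for (const line of text.split(/\r?\n/)) {
    if (line === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      header = line.slice(0, -1);
      continue;
    }
    const m = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
    if (!m || header === null) continue;
    if (header.split(",").map(nameFromSpecifier).includes(PACKAGE) && BAD_VERSIONS.has(m[1])) {
      hits.push({ specifier: header, version: m[1] });
    }
  }
  return hits;
}

// Dispatch on the file name; pass the file's contents as a string
// (for example fs.readFileSync(name, "utf8") in a CLI wrapper).
function scanLockfile(filename, contents) {
  if (/(^|\/)(package-lock|npm-shrinkwrap)\.json$/.test(filename)) return scanPackageLock(contents);
  if (/(^|\/)yarn\.lock$/.test(filename)) return scanYarnLock(contents);
  throw new Error(`unsupported lockfile: ${filename}`);
}

// Constructed samples: a v3 package-lock with hoisted axios@1.14.1 plus axios@0.30.4
// nested under a hypothetical "legacy-client" package, and a v1 yarn.lock.
const SAMPLE_PACKAGE_LOCK = JSON.stringify({
  name: "demo-app", lockfileVersion: 3, requires: true,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0", "legacy-client": "1.0.0" } },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/legacy-client": { version: "1.0.0", dependencies: { axios: "^0.30.0" } },
    "node_modules/legacy-client/node_modules/axios": { version: "0.30.4" },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
});
const SAMPLE_YARN_LOCK = [
  "# yarn lockfile v1", "",
  '"axios@^1.14.0", "axios@^1.13.0":', '  version "1.14.1"',
  "  dependencies:", '    follow-redirects "^1.15.6"', "",
  "follow-redirects@^1.15.6:", '  version "1.15.9"', "",
].join("\n");

for (const [name, text] of [["package-lock.json", SAMPLE_PACKAGE_LOCK], ["yarn.lock", SAMPLE_YARN_LOCK]]) {
  for (const hit of scanLockfile(name, text)) console.log(`${name}: POISONED ${JSON.stringify(hit)}`);
}
```

To run it against a real tree, call scanLockfile with the file name and the file's contents for every lockfile found under the repository or CI workspace; a hit on a nested path such as node_modules/legacy-client/node_modules/axios is exactly the case a top-level version check misses. A clean result only says the lockfile never resolved to the poisoned releases; it says nothing about whether an install had already run on that host, which is why the host-level remediation above still applies.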
Cite this entry
"axios Compromised on npm - Malicious Versions Drop Remote Access Trojan." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed April 9, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan-1py3ac
Related incidents
- [active · critical] Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem
  A new wave of the Mini Shai-Hulud worm has compromised multiple npm packages across Alibaba's AntV data visualization ecosystem, including echarts-for-react and timeago.js. Stolen CI/CD secrets are being exfiltrated and dumped to thousands of public GitHub repositories as the attack spreads.
  Tags: npm · Other · Compromised package · Account takeover
- [active · critical] The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
  TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.
  Tags: npm · Other · Account takeover · Compromised package · Malicious maintainer
- [active · critical] Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
  The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).
  Tags: npm · Other · Compromised package · Build-system compromise · Account takeover
- [contained · high] 10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
  TeamPCP compromised 76 Trivy version tags on GitHub Actions in an overnight attack, followed by a similar KICS compromise using the same methodology. The attacks targeted credential exfiltration through malicious GitHub Actions.
  Tags: Other · Container registry · Compromised package · Account takeover