Malware in telemetry-axios
Malware was discovered in the npm package telemetry-axios, resulting in full system compromise for any installation. The package should be removed immediately and all secrets and keys rotated from a different computer.
- Disclosed
- Last updated
- Blast radius
- Any system with telemetry-axios installed or running
- Ecosystems
- Attack vectors
- Affected entities
- telemetry-axios
The npm package telemetry-axios was found to contain malware. According to the GitHub Advisory (GHSA-89mf-39r2-ff96), any computer with this package installed or running should be considered fully compromised.\n\nThe advisory recommends immediate removal of the package and rotation of all secrets and keys from a different, unaffected computer. However, due to the full control potentially granted to an outside entity, removal of the package alone may not eliminate all malicious software that resulted from the installation.\n\nThis represents a critical supply chain compromise affecting all users of the telemetry-axios package.
Indicators of compromise
- Packages
- telemetry-axios
Remediation
- Remove the telemetry-axios package immediately from all affected systems
- Rotate all secrets, keys, and credentials from a different, unaffected computer
- Assume full system compromise and conduct forensic analysis
- Review system logs for unauthorized access or activity
- Consider full system rebuild if critical infrastructure or sensitive data is involved
Sources
- GitHub Advisory GHSA-89mf-39r2-ff96 · GitHub Advisory Database
Cite this entry
"Malware in telemetry-axios." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 17, 2026; last updated July 17, 2026. https://supplychainattack.org/incident/malware-in-telemetry-axios-hhrx2w
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- containedcritical
Malware in anthropic-claude-latest
The npm package anthropic-claude-latest was found to contain malware, potentially giving attackers full control of affected systems. All systems with this package installed should be considered compromised and require immediate remediation.
npmCompromised package - activecritical
Malware in axios-native
The npm package axios-native contains malware that grants full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys rotated immediately from a different machine.
npmCompromised package - containedcritical
Malware in scan-only
The npm package scan-only was found to contain malware, potentially giving full control of affected systems to an outside entity. Any computer with this package installed or running should be considered fully compromised.
npmCompromised package - activecritical
Malware in my-tailwind-gutenberg-block
The npm package my-tailwind-gutenberg-block contains malware that grants full system compromise to an outside entity. All systems with this package installed should be considered fully compromised and all secrets and keys rotated immediately from a different computer.
npmCompromised package