Skip to content
supplychainattack.orgSupply chain attack incident catalog
containedcritical

Malware in telemetry-axios

Malware was discovered in the npm package telemetry-axios, resulting in full system compromise for any installation. The package should be removed immediately and all secrets and keys rotated from a different computer.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Any system with telemetry-axios installed or running
Ecosystems
Attack vectors
Affected entities
  • telemetry-axios

The npm package telemetry-axios was found to contain malware. According to the GitHub Advisory (GHSA-89mf-39r2-ff96), any computer with this package installed or running should be considered fully compromised.\n\nThe advisory recommends immediate removal of the package and rotation of all secrets and keys from a different, unaffected computer. However, due to the full control potentially granted to an outside entity, removal of the package alone may not eliminate all malicious software that resulted from the installation.\n\nThis represents a critical supply chain compromise affecting all users of the telemetry-axios package.

Indicators of compromise

Packages
  • telemetry-axios

Remediation

  • Remove the telemetry-axios package immediately from all affected systems
  • Rotate all secrets, keys, and credentials from a different, unaffected computer
  • Assume full system compromise and conduct forensic analysis
  • Review system logs for unauthorized access or activity
  • Consider full system rebuild if critical infrastructure or sensitive data is involved

Sources

  1. GitHub Advisory GHSA-89mf-39r2-ff96 · GitHub Advisory Database

Cite this entry

"Malware in telemetry-axios." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 17, 2026; last updated July 17, 2026. https://supplychainattack.org/incident/malware-in-telemetry-axios-hhrx2w

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. containedcritical

    Malware in anthropic-claude-latest

    The npm package anthropic-claude-latest was found to contain malware, potentially giving attackers full control of affected systems. All systems with this package installed should be considered compromised and require immediate remediation.

    npmCompromised package
  2. activecritical

    Malware in axios-native

    The npm package axios-native contains malware that grants full system compromise to attackers. Any computer with this package installed should be considered fully compromised and all secrets and keys rotated immediately from a different machine.

    npmCompromised package
  3. containedcritical

    Malware in scan-only

    The npm package scan-only was found to contain malware, potentially giving full control of affected systems to an outside entity. Any computer with this package installed or running should be considered fully compromised.

    npmCompromised package
  4. activecritical

    Malware in my-tailwind-gutenberg-block

    The npm package my-tailwind-gutenberg-block contains malware that grants full system compromise to an outside entity. All systems with this package installed should be considered fully compromised and all secrets and keys rotated immediately from a different computer.

    npmCompromised package