Full Report
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows.
Analysis Summary
# Incident Report: axios NPM Package Supply Chain Compromise
## Executive Summary
An unknown threat actor compromised a maintainer’s npm account to publish two malicious versions of the popular `axios` HTTP client (v1.14.1 and v0.30.4). These versions contained a dropper that deployed cross-platform Remote Access Trojans (RATs) to developer and production environments. Although the packages were removed within hours, the library's massive ubiquity resulted in confirmed execution in approximately 3% of affected environments.
## Incident Details
- **Discovery Date:** March 31, 2026
- **Incident Date:** March 31, 2026 (~01:30 UTC)
- **Affected Organization:** Open-source `axios` project (and its global user base)
- **Sector:** Software Development / Technology
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 31, 2026, approx. 01:30 UTC
- **Vector:** Account Takeover (ATO)
- **Details:** An unknown actor gained unauthorized access to an `axios` maintainer's npm account and published malicious versions `1.14.1` and `0.30.4`.
### Lateral Movement
- **Details:** The attack moved from the npm registry to downstream users via automated dependency updates and CI/CD pipelines. Once installed on local machines or servers, the second-stage RATs allowed for remote shell execution and binary injection.
### Data Exfiltration/Impact
- **Details:** The malware transmitted system inventory (reconnaissance) to a C2 server and searched for secrets/credentials. High risk of upstream supply chain compromise if developer secrets were stolen.
### Detection & Response
- **How it was discovered:** Community detection and security researcher reporting (noted via GitHub and Step Security).
- **Response actions taken:** Malicious versions were removed from the npm registry within a few hours; security advisories (GHSA-fw8c-xr5c-95f9) were issued.
## Attack Methodology
- **Initial Access:** Compromised npm maintainer credentials.
- **Persistence:** Windows systems used a registry Run key (`MicrosoftUpdate`) and a re-download batch file; macOS/Linux used periodic beaconing.
- **Privilege Escalation:** Not explicitly detailed, but capable of binary injection and remote shell access.
- **Defense Evasion:** Use of a "self-cleaning" dropper (`setup.js`) that deletes itself and restores the original `package.json` after execution. macOS payload uses self-signing via `codesign`.
- **Credential Access:** Scanning affected systems for environment variables, API keys, and tokens.
- **Discovery:** Inventory gathering of system details and directory browsing.
- **Lateral Movement:** Propagation through the software supply chain (NPM distribution).
- **Collection:** Gathering system metadata and sensitive configuration files.
- **Exfiltration:** Exfiltration of system info via HTTP POST requests to C2.
- **Impact:** Installation of a persistent RAT allowing full remote takeover of the host.
## Impact Assessment
- **Financial:** Not disclosed; costs associated with global remediation and secret rotation are likely significant.
- **Data Breach:** Exposure of environment variables and potential CI/CD secrets.
- **Operational:** Disruption to build pipelines and mandatory incident response for thousands of organizations.
- **Reputational:** High-profile compromise of a package with 100M+ weekly downloads.
## Indicators of Compromise
- **Network indicators:** `sfrclak[.]com:8000` (C2 Beaconing)
- **File indicators:**
- `axios-0.30.4.tgz` (SHA256: `59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f`)
- `axios-1.14.1.tgz` (SHA256: `5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd`)
- `plain-crypto-js-4.2.1.tgz` (Trojanized dependency)
- `com.apple.act.mond` (macOS RAT)
- **Behavioral indicators:** Unexpected outbound HTTP POST requests to port 8000; execution of `setup.js` during npm install; modifications to Windows registry Run keys.
## Response Actions
- **Containment:** NPM removed the malicious versions to prevent further downloads.
- **Eradication:** Security teams must manually audit and delete the affected `node_modules` and malicious binaries (`com.apple.act.mond`, `stage2.ps1`).
- **Recovery:** Organizations must rotate any secrets (AWS keys, etc.) that were present in environments where the package was executed.
## Lessons Learned
- **Key takeaways:** High-traffic packages are Tier-0 assets; a single account compromise can affect millions within minutes.
- **Improvements:** The "self-cleaning" nature of the dropper highlights the need for real-time file integrity monitoring during package installation, as log-based post-mortem analysis may miss deleted artifacts.
## Recommendations
- **MFA:** Enforce Mandatory Multi-Factor Authentication for all package maintainers.
- **Lockfiles:** Use `package-lock.json` or `yarn.lock` and verify integrity hashes in CI/CD.
- **Dependency Pinning:** Avoid using "latest" or wildcards for critical production dependencies.
- **Network Filtering:** Egress filtering to prevent build servers from communicating with unknown external IPs/ports (e.g., port 8000).