On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm: `axios@1.14.1` and `axios@0.30.4`. The malicious versions inject a new dependency, `plain-crypto-js`, which in turn downloads a Remote Access Toolkit (RAT).
# Incident Report: Supply Chain Compromise of axios npm Package
## Executive Summary
On March 30, 2026, threat actors executed a supply chain attack by publishing malicious versions of the highly popular `axios` HTTP client library to the npm registry. Versions `1.14.1` and `0.30.4` were found to contain a hidden dependency, `plain-crypto-js`, which serves as a downloader for a Remote Access Toolkit (RAT). This compromise potentially impacts millions of applications that use `axios` for HTTP requests, granting attackers remote persistence on affected developer and production systems.
## Incident Details
- **Discovery Date:** March 30, 2026
- **Incident Date:** March 30, 2026
- **Affected Organization:** Users of the `axios` npm package
- **Sector:** Global Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 30, 2026
- **Vector:** Supply Chain Compromise (Registry Poisoning/Account Takeover)
- **Details:** Malicious versions `1.14.1` and `0.30.4` were uploaded to the official npm registry, appearing as legitimate updates to the `axios` library.
### Lateral Movement
- **Details:** Upon installation or update of the compromised package, the injected dependency `plain-crypto-js` executes a script that connects to a remote server and downloads and executes a more robust RAT payload, which is then used to move deeper into the host network.
### Data Exfiltration/Impact
- **Details:** The RAT facilitates unauthorized remote command execution, potentially leading to the theft of environment variables, source code, and cloud provider credentials stored on the infected machines.
### Detection & Response
- **How it was discovered:** Automated security monitoring and community analysis of npm registry changes.
- **Response actions taken:** Security researchers identified the malicious dependency chain; the npm security team was notified to remove the malicious packages from the registry.
## Attack Methodology
- **Initial Access:** Software Supply Chain Compromise; injection of malicious code into a trusted open-source dependency.
- **Persistence:** Remote Access Toolkit (RAT) installation on the local filesystem.
- **Defense Evasion:** Use of a secondary, seemingly innocuous dependency (`plain-crypto-js`) to mask the malicious download logic.
- **Command and Control:** Established via hardcoded C2 domains and IP addresses to download secondary payloads.
- **Impact:** Unauthorized remote access and potential compromise of the entire CI/CD pipeline and developer workstations.
## Impact Assessment
- **Financial:** High potential cost related to incident response, auditing codebases, and rotating compromised credentials.
- **Data Breach:** High risk to intellectual property (source code) and secret keys (API keys, SSH keys).
- **Operational:** Significant disruption as organizations must identify, roll back, and audit all applications using the affected versions.
- **Reputational:** High impact on the trust of the `axios` maintainers and the npm ecosystem.
## Indicators of Compromise
- **Network Indicators:**
- `rclak[.]com` (C2 Domain)
- `142.11.206[.]73` (C2 IP)
- **File Indicators:**
- `axios@1.14.1` (Malicious npm package)
- `axios@0.30.4` (Malicious npm package)
- `plain-crypto-js` (Malicious dependency)
## Response Actions
- **Containment:** Removal of the malicious versions from the npm registry.
- **Eradication:** Advisory issued to developers to downgrade to known-good versions (e.g., `1.14.0` or `0.30.3`) and delete `node_modules` and lockfiles.
- **Recovery:** Scanning environments for the presence of the RAT and rotating all credentials that may have been present on affected systems.
## Lessons Learned
- **Dependency Paradox:** Even highly trusted, mature libraries like `axios` can be compromised, highlighting the danger of "blind trust" in automated dependency updates.
- **Nested Dependencies:** Attackers are increasingly using secondary, less-scrutinized packages (`plain-crypto-js`) to hide malicious payloads within a larger package's dependency tree.
## Recommendations
- **Version Pinning:** Pin package versions in `package.json` and use `package-lock.json` to prevent automatic updates to unverified versions.
- **SCA Tools:** Use Software Composition Analysis (SCA) tools to monitor for known vulnerabilities and malicious package announcements.
- **Egress Filtering:** Implement strict network egress filtering on build servers and developer machines to block unauthorized C2 communications.
- **Registry Proxies:** Use private registry proxies (like Artifactory or Nexus) to vet and approve new package versions before they are available for internal use.
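The lockfile check implied by the Recovery step and the Version Pinning recommendation, as an added example that is not part of the advisory: it walks an npm `package-lock.json` in either the v1 or the v2/v3 layout and flags the two compromised `axios` releases and any `plain-crypto-js` entry. The sample lockfile and the `0.0.0-placeholder` version are constructed; the report does not state the real `plain-crypto-js` version, so the package is matched by name alone.

```javascript
// Added example (not part of the advisory): scan an npm lockfile for the
// compromised axios releases and for any occurrence of the injected dependency.
// Values as given in the report; the plain-crypto-js version is not stated,
// so every occurrence of that package name is flagged regardless of version.
const BAD_AXIOS_VERSIONS = new Set(['1.14.1', '0.30.4']);
const BAD_PACKAGES = new Set(['plain-crypto-js']);

// Yield {name, version, path} for every installed package in either layout:
// v2/v3 "packages" (flat map keyed by install path) or the v1 "dependencies" tree.
function* lockfileEntries(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project entry, not a dependency
      yield { name: path.slice(path.lastIndexOf('node_modules/') + 13), version: meta.version, path };
    }
    return; // v2 files also carry "dependencies"; do not count entries twice
  }
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      yield* walk(meta.dependencies, `${path}/`); // nested (non-hoisted) deps
    }
  }
  yield* walk(lock.dependencies, '');
}

// Return every entry matching the report's indicators, with a reason for each.
function findCompromised(lock) {
  const hits = [];
  for (const e of lockfileEntries(lock)) {
    if (e.name === 'axios' && BAD_AXIOS_VERSIONS.has(e.version)) hits.push({ ...e, reason: 'compromised axios release' });
    else if (BAD_PACKAGES.has(e.name)) hits.push({ ...e, reason: 'injected downloader dependency' });
  }
  return hits;
}

// Constructed sample lockfile (v3 layout); the plain-crypto-js version is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/axios': { version: '1.14.1' },
    'node_modules/axios/node_modules/plain-crypto-js': { version: '0.0.0-placeholder' },
    'node_modules/harmless-dep': { version: '2.0.0' },
  },
};

for (const h of findCompromised(SAMPLE_LOCK)) console.log(`${h.reason}: ${h.name}@${h.version} (${h.path})`);
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`; an empty result means neither affected `axios` version nor `plain-crypto-js` is resolved in that lockfile.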