Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…
Analysis Summary
# Incident Report: Axios Supply Chain Compromise (RAT Injection)
## Executive Summary
One of npm’s most widely used libraries, Axios (100M+ weekly downloads), was compromised via a hijacked maintainer account. The attackers bypassed the automated CI/CD pipeline to manually publish two malicious versions containing a cross-platform Remote Access Trojan (RAT). While the malicious versions were quickly removed, the scale of Axios’s distribution makes this one of the most significant supply chain attacks in recent history.
## Incident Details
- **Discovery Date:** March 31, 2026 (Reported)
- **Incident Date:** Circa March 30–31, 2026
- **Affected Organization:** Open-source Axios Project / Global Developer Community
- **Sector:** Information Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** Approximately 18 hours prior to the malicious release.
- **Vector:** Account Takeover (ATO).
- **Details:** The npm account of the primary maintainer ("jasonsaayman") was hijacked. Attackers swapped the associated email address for a ProtonMail account, locking the legitimate owner out.
### Lateral Movement
- **Details:** Not applicable in the traditional network sense; the attackers moved from account access to registry manipulation. They bypassed the project’s GitHub Actions CI/CD pipeline by publishing manually via the npm CLI.
### Data Exfiltration/Impact
- **Details:** The primary impact was the distribution of a multi-stage RAT to downstream users. The malware targets developer machines to establish persistence and potentially siphon credentials or sensitive environment data.
### Detection & Response
- **How it was discovered:** Detected by security firms (StepSecurity, Aikido, Socket) monitoring registry changes and anomalous package behavior.
- **Response actions:** Malicious versions were reported and yanked from the npm registry. The maintainer worked to regain account control.
## Attack Methodology
- **Initial Access:** Hijacked maintainer credentials/session for npm.
- **Persistence:** Malicious `postinstall` script in a rogue dependency (`plain-crypto-js`).
- **Privilege Escalation:** Attacker assumed "Maintainer" privileges on the npm registry.
- **Defense Evasion:** Manual CLI upload bypassed CI/CD security checks; the malware used self-destructing traces and OS-native tools (PowerShell/Python).
- **Credential Access:** Staged to harvest developer environment variables and credentials via the RAT.
- **Discovery:** The malware performed OS fingerprinting to deliver specific payloads.
- **Lateral Movement:** Dependency-based supply chain delivery (Axios -> Downstream Devs/Servers).
- **Collection:** Automated collection of system data via the second-stage payload.
- **Exfiltration:** Phoning home to an attacker-controlled C2 to fetch final-stage malware.
- **Impact:** Compromise of developer workstations and CI/CD pipelines.
## Impact Assessment
- **Financial:** High (Potential costs for credential rotation and system remediation across millions of users).
- **Data Breach:** High risk; the RAT grants full remote access to infected environments.
- **Operational:** Significant disruption to CI/CD pipelines and software build processes globally.
- **Reputational:** High for the npm ecosystem; underscores persistent vulnerabilities in package management.
## Indicators of Compromise
- **Network indicators:**
- Outbound connections to ProtonMail (account change related).
- Outbound requests triggered by the `postinstall` script of `plain-crypto-js`.
- **File indicators:**
- `[email protected]` (Malicious)
- `[email protected]` (Malicious)
- `[email protected]` (Malicious Dependency)
- **Behavioral indicators:**
- Unusual `npm publish` events not originating from GitHub Actions.
- Presence of unexpected system daemons (macOS), PowerShell payloads (Windows), or Python backdoors (Linux) following an npm install.
## Response Actions
- **Containment:** Malicious packages were removed from the npm registry.
- **Eradication:** Affected users advised to delete `node_modules` and lockfiles.
- **Recovery:** Users of the affected versions are advised to rotate all environment secrets and rebuild compromised local machines.
## Lessons Learned
- **MFA is Mandatory:** Maintainer accounts without robust Multi-Factor Authentication (MFA) or those susceptible to session hijacking are single points of failure for the internet.
- **CI/CD Bypass:** Trusting a package based on its GitHub history is insufficient if the registry (npm) allows manual uploads that bypass documented build pipelines.
- **Staging Awareness:** The attackers staged the malicious dependency 18 hours in advance, suggesting that "look-aside" monitoring of new dependency additions could provide early warning.
## Recommendations
- **For Maintainers:** Enforce phishing-resistant MFA (WebAuthn/FIDO) and use "Provable Builds" or Sigstore to sign releases.
- **For Developers:** Use dependency pinning and tools that alert on "out-of-band" releases (releases that don't match the source code repository's CI/CD activity).
- **For Organizations:** Use a private registry or proxy that scans for known malicious dependencies and suspicious post-install scripts before allowing them into the internal environment.
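A small check for the two behaviours this report flags (releases that did not go through a provenance-attested publish path, and installed dependencies that declare install-time hooks), added here as an example and not code from the Axios project or the reporting firms. The packument shape and the per-version `dist.attestations` field are assumptions about the npm registry API; every package name, version and path below is a constructed placeholder except the `plain-crypto-js` name, which comes from this report.

```python
import json
import os
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed packument fragment. It assumes the registry's per-version
# "dist.attestations" field, which is present for provenance-attested publishes.
SAMPLE_PACKUMENT = {"name": "example-lib", "versions": {
    "1.0.0": {"dist": {"attestations": {"url": "https://registry.npmjs.org/-/npm/v1/attestations/example-lib@1.0.0",
                                        "provenance": {"predicateType": "https://slsa.dev/provenance/v1"}}}},
    "1.0.1": {"dist": {}},  # published without provenance: an out-of-band release candidate
}}

def unattested_versions(packument):
    """Versions whose dist metadata carries no provenance attestation."""
    return sorted(v for v, meta in packument["versions"].items()
                  if "attestations" not in meta.get("dist", {}))

def install_script_packages(node_modules):
    """Walk node_modules (nested trees included) and list packages with install hooks."""
    findings = []
    for dirpath, _, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json")) as fh:
                pkg = json.load(fh)
        except (OSError, json.JSONDecodeError):
            continue  # unreadable manifest: skip rather than crash the scan
        hooks = [h for h in INSTALL_HOOKS if h in pkg.get("scripts", {})]
        if hooks:
            findings.append((pkg.get("name", dirpath), pkg.get("version", "?"), hooks))
    return sorted(findings)

def scan_sample_tree():
    """Build a constructed node_modules (placeholder versions) and scan it."""
    specs = {"left-pad": {"name": "left-pad", "version": "1.3.0"},
             "plain-crypto-js": {"name": "plain-crypto-js", "version": "0.0.0-placeholder",
                                 "scripts": {"postinstall": "node install.js"}}}
    with tempfile.TemporaryDirectory() as tmp:
        for name, pkg in specs.items():
            d = os.path.join(tmp, "node_modules", name)
            os.makedirs(d)
            with open(os.path.join(d, "package.json"), "w") as fh:
                json.dump(pkg, fh)
        return install_script_packages(os.path.join(tmp, "node_modules"))
```

Run `unattested_versions` against a real packument only once you have confirmed the project publishes with provenance, otherwise every version is flagged.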