VYPR
Published Apr 1, 2026 · Updated May 18, 2026 · 1 source

Axios npm Package Hijacked to Deploy Cross-Platform-Specific RATs in Supply-Chain Attack

Threat actors hijacked the npm account of Axios maintainer Jason Saayman to publish malicious versions of the widely used JavaScript library, deploying cross-platform remote access Trojans that could compromise millions of developer environments.

Threat actors have hijacked the npm account of Axios maintainer Jason Saayman to publish malicious versions of the popular JavaScript library, deploying cross-platform remote access Trojans (RATs) in a sophisticated supply-chain attack that could have a massive blast radius. Axios, a promise-based HTTP client library, is downloaded over 100 million times weekly and used as a dependency in countless developer environments and CI/CD pipelines.

The attackers published malicious package versions v1.14.1 and v0.30.4, adding the dependency `plain-crypto-js` to deploy RATs capable of targeting both Windows and Linux systems. According to researchers at OpenSourceMalware, the threat actors staged the malicious dependency the day before the account takeover, changed Saayman's email address for persistence, and also hijacked his GitHub account. On GitHub, the attacker used admin privileges to unpin and delete an issue reporting the compromise while collaborator DigitalBrainJS was actively trying to respond.

Whereas legitimate Axios releases are published via GitHub Actions using OIDC provenance signing, these malicious versions were published directly via the npm CLI using stolen credentials. The malicious packages remained live for approximately three hours before npm administrators removed them. Google's Threat Intelligence Group (GTIG) has attributed the activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018, based on the use of the WAVESHAPER.V2 payload.

Google has warned that the blast radius of this attack could be extensive, given the number of popular packages with dependencies on Axios. Austin Larsen, principal threat analyst at GTIG, urged security teams to check lockfiles for the presence of `plain-crypto-js`, Axios v1.14.1, or Axios v0.30.4, hunt for IOCs across developer machines and CI/CD infrastructure, and rotate credentials and remediate any exposed systems.

The multi-stage architecture, platform-specific payloads, and comprehensive RAT capabilities demonstrate that attackers are investing significant resources into supply chain attacks. The use of obfuscation, anti-analysis techniques, and self-deletion shows awareness of modern detection capabilities and an attempt to evade them. The choice to target Axios – a package with millions of weekly downloads – indicates an understanding of the npm ecosystem and potential for widespread impact.

Avital Harel, security researcher at Upwind, said that the build pipeline is becoming the new front line in the battle against open source threats. Attackers know that if they can compromise the systems that build and distribute software, they can inherit trust at scale. Organizations should be looking much more closely at CI/CD systems, package dependencies, and developer environments, because that's increasingly where attackers are placing their bets.

This incident follows a pattern of escalating supply-chain attacks against the npm ecosystem, including the recent Shai-Hulud worm targeting npm developers and coordinated campaigns against npm, PyPI, and Docker Hub. The attack on Axios, one of the most depended-upon packages in the JavaScript ecosystem, underscores the critical need for stronger security measures around package publishing, including mandatory multi-factor authentication and provenance verification.

Synthesized by Vypr AI