Image: thehackernews.comIn a major cybersecurity incident that sent ripples through the JavaScript developer community, the popular Axios HTTP client library fell victim to a sophisticated supply chain attack. With over 100 million weekly downloads, Axios is a cornerstone for making API requests in countless web and Node.js applications. Just days ago, on March 31, 2026, attackers compromised the npm account of lead maintainer Jason Saayman through social engineering, allowing them to publish two malicious versions laced with a remote access trojan (RAT).
The Attack Timeline and Initial Discovery
The breach unfolded rapidly in the early hours of March 31, 2026. Between 00:21 and 03:20 UTC, the attackers used the compromised credentials to release axios@1.14.1 (tagged as "latest") and axios@0.30.4 (tagged as "legacy"). These versions introduced a phantom dependency called plain-crypto-js@4.2.1, which was never imported in the legitimate Axios source code but executed via a postinstall script.
Security researchers from Google Threat Intelligence Group (GTIG), StepSecurity, and others quickly identified the malicious packages. The dependency acted as an obfuscated dropper, deploying WAVESHAPER.V2, an updated backdoor capable of targeting Windows, macOS, and Linux systems. The packages were published directly using npm CLI with a long-lived access token, bypassing the project's GitHub Actions CI/CD pipeline and OIDC-based publishing controls.
npm promptly removed the malicious versions, but not before they potentially reached developers running automated installs during the brief window. The attack highlights how even well-maintained projects with millions of users remain vulnerable when a single maintainer's account is targeted.
Social Engineering: The Human Weak Link
Unlike traditional credential stuffing or malware-based compromises, this attack began with a targeted social engineering campaign. According to statements from maintainer Jason Saayman on the project's GitHub, the threat actors posed as representatives from a well-known company interested in collaboration. They created cloned identities, set up a convincing Slack workspace, scheduled staged meetings, and eventually tricked the maintainer into installing a malicious payload that provided remote access to his machine.
Once inside the maintainer's environment, the attackers hijacked active browser sessions and cookies, gaining control over both npm and GitHub accounts. The npm account email was changed to ifstap@proton.me, and the attacker published the malicious packages under the legitimate maintainer account. Saayman noted having 2FA/MFA enabled on practically everything, yet the session hijacking allowed the attackers to operate with full privileges.
This incident underscores a growing trend: sophisticated nation-state actors are increasingly targeting individual open-source maintainers through personalized deception rather than purely technical exploits. The attacker, identified as UNC1069 (also known as Sapphire Sleet), is a financially motivated North Korea-nexus group active since at least 2018.
Technical Details of the Malicious Dependency
The plain-crypto-js@4.2.1 package, published by a new npm user "nrwise" with a Proton Mail address, served as the attack's payload delivery mechanism. Upon installation, its postinstall hook would download and execute the WAVESHAPER.V2 backdoor from attacker-controlled infrastructure.
Analysis by multiple security firms revealed the RAT's capabilities include credential stealing (targeting cloud keys, API tokens, database passwords, and npm tokens), persistence mechanisms across operating systems, and command-and-control communication via domains like sfrclak[.]com. The malware was designed to erase traces after execution, making forensic analysis more challenging.
Importantly, the malicious versions did not appear in the official Axios GitHub repository tags, meaning only those who resolved to the specific npm versions via "npm install" without strict versioning were affected. This phantom dependency technique is particularly insidious because it evades casual code reviews.
Impact, Response, and Attribution
While the exposure window was limited to roughly two to three hours, the sheer popularity of Axios means thousands of builds and developer machines could have been impacted. Security firms like Huntress reported observing over a hundred affected devices in their telemetry. The attack has been attributed to North Korean actors based on infrastructure overlaps, including VPN nodes and ASNs previously linked to UNC1069 operations.
The Axios team, led by Saayman, has been working with npm to revoke tokens, review audit logs, and prepare a detailed postmortem (available in GitHub issue #10636). The project has urged users to avoid the compromised versions and review their dependency trees. npm has since unlisted the malicious packages, and updated safe versions have been promoted.
This event comes amid heightened awareness around supply chain security, following previous incidents like the xz utils backdoor attempt. It demonstrates that even projects with security best practices in place can fall prey to advanced persistent threats targeting the human element.
Practical Insights and Protection Tips for Developers
Developers and organizations should take immediate steps to assess potential exposure:
- Audit your dependencies: Use tools like npm ls axios or check package-lock.json files for versions 1.14.1 or 0.30.4. Remove any instances of plain-crypto-js.
- Scan for indicators of compromise: Look for unexpected network connections to suspicious domains and review systems for anomalous processes.
- Adopt strict versioning: Pin exact versions in package.json and use lockfiles religiously to prevent unexpected updates.
- Enhance maintainer security: Consider using hardware security keys, dedicated machines for publishing, and trusted publishing with OIDC where possible. Be extremely cautious with unsolicited collaboration requests.
- Implement supply chain security tools: Solutions like StepSecurity, Socket.dev, or Snyk can provide real-time dependency scanning and reputation monitoring. Generate SBOMs (Software Bills of Materials) for critical projects.
- Incident response readiness: Have playbooks ready for supply chain compromises, including isolating affected environments and rotating all exposed credentials.
Organizations should also prioritize segmentation—avoid running npm installs with elevated privileges in production pipelines.
As the Axios team prepares their full postmortem, the broader open-source community is once again reminded that supply chain security is a shared responsibility. Maintainers carry an enormous burden, often without compensation, while downstream users must remain vigilant.
This incident serves as a stark warning: in our interconnected software ecosystem, a single successful social engineering attack can compromise millions of applications overnight. By learning from events like this and implementing layered defenses, the tech community can strengthen its resilience against evolving threats from sophisticated actors.