Back to Blog

Axios NPM Supply Chain Attack: What Happened

Axios NPM Supply Chain Attack: What Happened

On March 31, 2026 (~01:30 UTC), a threat actor compromised the npm account of an axios maintainer and published two malicious releases (v1.14.1 and v0.30.4). Those versions quietly introduced a dependency on a trojanized package, plain-crypto-js, turning a routine install into a malware delivery path.

Although the malicious versions were removed within hours, axios has an exceptionally large footprint (~100 million weekly downloads and widespread presence across modern cloud estates). As a result, exposure propagated quickly. Available telemetry suggests code execution occurred in roughly 3% of environments that installed the affected versions.

Teams should treat this as an active supply chain incident and immediately assess the installation and execution of the impacted releases. Public tracking identifiers include GHSA-fw8c-xr5c-95f9 and MAL-2026-2306.

Technical Details: Cross-Platform, Self-Cleaning RAT

The malicious axios releases are designed to blend in: the primary functional delta is the injected dependency on plain-crypto-js. Because the publication occurred via a trusted maintainer account, traditional reputation-based controls and basic static checks may not flag the change.

During npm install, the malicious chain executes a dropper (setup.js) that contacts the C2 endpoint sfrclak.com:8000 to fetch a platform-specific second-stage payload. After staging the download, the dropper attempts to reduce forensic evidence by deleting itself and restoring a clean package.json.

The second-stage components behave as lightweight Remote Access Trojans (RATs). They beacon to the C2 approximately every 60 seconds to report system inventory and receive commands. Payloads are tailored by operating system:

  • macOS: A compiled Mach-O universal binary with tooling to self-sign injected payloads via codesign.
  • Windows: A PowerShell-based implant that establishes persistence using the MicrosoftUpdate registry Run key and a re-download batch file.
  • Linux: A Python-based implant focused on remote shell execution and host reconnaissance.

Which actions should security teams take?

For traditional security operations centers, mitigating a supply chain attack of this scale requires immediate, manual intervention across the entire stack:

  1. Audit axios usage: Freeze CI/CD pipelines and manually audit repositories to identify whether versions 1.14.1 or 0.30.4 were downloaded.
  2. Rotate exposed credentials: If the malicious package executed locally or in a build environment, assume total credential compromise. Scan affected systems for exposed secrets and manually rotate them.
  3. Investigate compromise paths: Review developer machines for signs of unauthorized access, as the malware executes directly during installation.
  4. Monitor for suspicious activity: Update WAFs to block outbound connections to sfrclak.com:8000. Query EDR logs for anomalous HTTP POST requests or unexpected process execution.

Check Your Exposure Instantly

Want to quickly check if you've been compromised by the Axios supply-chain attack? You don't have to audit your repos manually.

We just shipped a free Claude AI skill to help you verify your exposure in seconds.

Automate Your Defenses

Attackers are automating their exploits. It's time to automate your defense. Connect with the Cantina team to see how one agentic security OS eliminates the noise, auto-merges fixes, and protects your stack 24/7.

Get in touch.