On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm: axios@1.14.1 and axios@0.30.4. The malicious versions inject a new dependency, plain-crypto-js@4.2.1, which in turn downloads a Remote Access Toolkit (RAT).
This new supply chain attack is just one in a recent run of such attacks targeting software dependencies in widely deployed software.
Based on current information, we can confirm there has been no exposure or impact to LevelBlue. As a trusted security partner, we remain on heightened alert for our clients and partners and are actively hunting for any related or suspicious activity across our environments. We are working directly with clients to assess potential exposure, provide guidance, and support any necessary response actions. While we cannot disclose client-specific information, we are highly confident in our threat hunting capabilities related to this supply chain attack.
Affected Versions
axios@1.14.1 and axios@0.30.4 are both compromised. If you installed either of those packages, you should assume you’ve been compromised.
Details
The attackers gained access to a maintainer account on GitHub and created two new releases of axios: one for the modern 1.x user base and one for the legacy 0.x user base.
These releases did not contain malicious code directly; instead, a new dependency, plain-crypto-js@4.2.1, was added. The attackers created the package repository at version 4.2.0 and immediately bumped it to 4.2.1 so that the package would not show an empty release history.
The plain-crypto-js repository imitates the legitimate crypto-js package. Its only functional addition is a "postinstall" script ("node setup.js"), which npm runs automatically when the dependency is installed, i.e. when axios is updated to one of the compromised versions. setup.js is a small, obfuscated, cross-platform dropper (Windows, Linux, and macOS) that contacts a C2 server to download a RAT. Once the RAT has been deployed, the dropper cleans up leftover artifacts to evade forensic analysis.
The entire attack lasted under twenty hours, with axios@1.14.1 live for about three hours and axios@0.30.4 available for just over two hours. However, given the popularity of the package, the compromise is likely widespread. Additionally, with axios’ extensive adoption across enterprise and SaaS environments, even a short-lived compromise window presents significant downstream risk.
The Google Threat Intelligence Group (GTIG) attributes the attack to North Korean actors UNC1069 (also known as CryptoCore and MASAN).
Attack Flow

Recommendations
- Search all of your GitHub repositories and check your package.json and package-lock.json files for axios@1.14.1, axios@0.30.4, and plain-crypto-js.
- Review your CI/CD pipeline logs for those same strings.
- Treat the presence of the malware as evidence that all credentials on that system have been compromised, and reset them accordingly.
- Revisit your supply chain security policy, including inventorying and auditing third-party vendors and documenting the risks those relationships expose your organization to.
- Do an active search for any of the IoCs listed below.
If you suspect your organization has been compromised or impacted, our experts are ready to assist 24x7 via response@levelblue.com.
IoCs
- 6202033.ps1 : 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 : Windows payload
- com.apple.act.mond : 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a : macOS payload
- ld.py : fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf : Linux payload
- sfrclak[.]com : C2
- 142.11.206[.]73 : C2