Axios breach exposes npm supply chain risks


A compromise of the widely used Axios software package has triggered fresh concern over open-source security after attackers used a hijacked maintainer account to publish poisoned versions carrying remote access trojan malware for Windows, macOS and Linux systems. Security researchers said the malicious releases were pushed to npm on March 31 and removed within hours, but warned that any machine or build pipeline that installed them during that window should be treated as potentially compromised.

The tainted releases were identified as [email protected] and [email protected], hitting both the current 1.x branch and an older 0.x line in what analysts described as an attempt to widen exposure. Researchers across several security firms said the attacker inserted a malicious dependency, [email protected], designed to resemble the legitimate crypto-js package. That dependency used a postinstall script to fetch and run a cross-platform RAT, turning a routine package installation into a possible full-system breach.

Axios is one of the most heavily used JavaScript libraries in the software ecosystem, with reporting putting its weekly download count at around or above 100 million. That scale explains why the incident quickly drew attention beyond developer circles. Even though the malicious versions appear to have been live for only a short period, security specialists said the threat was amplified by automated dependency updates, CI/CD systems and build processes that can pull fresh packages without direct human review.

Investigators say the compromise did not appear to follow Axios’s standard release path. Several analyses found the malicious versions were published directly to npm rather than through the project’s usual GitHub-linked workflow, suggesting the intruder gained access to a maintainer credential or long-lived publishing token. Huntress said the primary maintainer account on npm was altered during the intrusion, while other researchers noted the rogue dependency had been uploaded only minutes earlier, a sign of deliberate staging rather than an accidental inclusion.

The malware itself has added to concern because it was built to work across the three main desktop operating systems used by developers and engineers. Elastic Security Labs said the backdoored Axios package delivered a unified cross-platform RAT, while Datadog and Snyk reported command-and-control infrastructure linked to the campaign and advised organisations to assume a broader host compromise if the malicious versions had been executed. That moves the issue beyond package hygiene into incident response, credential rotation and forensic review.

Security companies and threat researchers have not fully aligned on attribution, but a strong line of suspicion has emerged. A report from the news outlet Axios, citing Google researchers, said the campaign was linked to a North Korea-affiliated actor identified as UNC1069, a group associated with operations targeting cryptocurrency and decentralised finance firms. Other write-ups have focused more cautiously on the mechanics of the intrusion than on naming the actor, reflecting a wider pattern in cyber investigations where technical evidence can surface faster than definitive attribution.

The incident lands at a sensitive moment for the open-source world, where trust in volunteer-led maintenance remains essential but increasingly strained. Modern software is assembled from large chains of third-party components, and a breach at one well-trusted point can ripple quickly across sectors from finance to healthcare. Analysts have pointed to the Axios case as another reminder that security weaknesses in the software supply chain are no longer confined to obscure packages; attackers are pursuing highly trusted libraries because even a brief compromise can create outsized reach.

For companies, the immediate question is not only whether Axios was used, but whether the poisoned versions were ever installed on development machines, cloud runners or production build environments. Researchers have urged teams to check lock files and package histories for the affected releases and the typosquatted dependency, then isolate exposed systems, rotate secrets and tokens, and rebuild from known-clean states. Several firms stressed that simply upgrading Axios is not enough if the malicious install script already ran, because the risk then shifts from package versioning to persistence and stolen credentials.
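As an added illustration of the lock-file check described above (example code, not from the article or the Axios project): a Node.js script that scans a package-lock.json (lockfileVersion 2 or 3) for denylisted name@version pairs and for any dependency whose entry carries npm's hasInstallScript flag, the marker for packages that run preinstall/install/postinstall scripts. The affected version numbers and the typosquatted package name are placeholders, since the article does not reproduce them, and the sample lockfile is constructed.

```javascript
// Added example, not code from the article or the Axios project: scan an npm
// package-lock.json (lockfileVersion 2 or 3) for known-bad package versions
// and for dependencies that declare install-time lifecycle scripts.

// PLACEHOLDERS: the article does not reproduce the exact affected versions or
// the typosquatted package name; substitute the values from an advisory.
const KNOWN_BAD = new Set([
  "axios@<BAD-1.x-VERSION>",
  "axios@<BAD-0.x-VERSION>",
  "<TYPOSQUAT-NAME>@<BAD-VERSION>",
]);

// Turn a lockfile "packages" key such as "node_modules/a/node_modules/b"
// into the bare package name ("b"); scoped names like "@scope/b" survive.
function packageName(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? key : key.slice(idx + "node_modules/".length);
}

// Returns a list of {id, reason} findings for the parsed lockfile object.
function scanLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // the root project entry, not a dependency
    const id = `${packageName(key)}@${entry.version}`;
    if (KNOWN_BAD.has(id)) findings.push({ id, reason: "known-bad-version" });
    // npm sets hasInstallScript when a package has preinstall/install/
    // postinstall scripts: code that runs on `npm install` and deserves review.
    if (entry.hasInstallScript) findings.push({ id, reason: "install-script" });
  }
  return findings;
}

// Constructed sample lockfile for demonstration; not from any real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "<BAD-1.x-VERSION>" },
    "node_modules/<TYPOSQUAT-NAME>": { version: "<BAD-VERSION>", hasInstallScript: true },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(`${f.reason}: ${f.id}`);
```

To scan a real project, replace SAMPLE_LOCK with JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")). Installing with `npm ci --ignore-scripts` keeps lifecycle scripts from executing in CI while flagged packages are reviewed.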



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.
