Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]
# Incident Report: Hijacking of Axios npm Package for Cross-Platform Malware Delivery
## Executive Summary
On March 31, 2026, threat actors hijacked the npm account of a lead maintainer for **Axios**, a ubiquitous JavaScript HTTP client with over 100 million weekly downloads. The attackers published two malicious versions containing a cross-platform Remote Access Trojan (RAT) targeting Windows, macOS, and Linux. Although the package was only exposed for approximately three hours before removal, the scale of Axios’s downstream dependencies suggests a high potential for widespread compromise.
## Incident Details
- **Discovery Date:** March 31, 2026
- **Incident Date:** March 31, 2026 (00:21 UTC – 03:00 UTC)
- **Affected Organization:** Open-source community (Axios package)
- **Sector:** Information Technology / Software Supply Chain
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 31, 2026, 00:21 UTC
- **Vector:** Account Takeover (Maintainer Hijack)
- **Details:** Attackers gained unauthorized access to the npm account of Jason Saayman, a core Axios maintainer.
### Payload Delivery
- **Supply Chain Injection:** Attackers did not modify the Axios source code. Instead, they published new versions whose `package.json` declared an additional dependency, `plain-crypto-js@^4.2.1`; the malicious code shipped inside that dependency, so Axios itself looked clean on a source diff and the payload rode in as a transitive install.
### Data Exfiltration/Impact
- **Malware Deployment:** The malicious versions installed a RAT capable of executing shell commands, enumerating directories, and maintaining persistence on infected hosts.
### Detection & Response
- **Detection:** Security firms (Socket, Endor Labs, and others) flagged the releases because they were published without an npm provenance attestation (the OIDC-based record that links a published package to the commit and build that produced it) and had no corresponding commit or tag in the Axios GitHub repository.
- **Exposure Window:** Approximately 3 hours.
- **Remediation:** npm removed the malicious versions (`1.14.1` and `0.30.4`).
## Attack Methodology
- **Initial Access:** Compromised legitimate maintainer credentials/session for npm.
- **Persistence:** On Windows, copies the PowerShell binary to `%PROGRAMDATA%\wt.exe` (the file name of the Windows Terminal executable) and arranges for it to run at startup; on macOS and Linux, keeps the payload alive as a background process, driven by AppleScript and system commands on macOS.
- **Execution:** Uses platform-specific interpreters (PowerShell and VBScript on Windows, AppleScript on macOS, Python on Linux) to run the payload. No privilege-escalation step is described: the RAT runs with the privileges of whichever user or CI service account ran `npm install`, which is usually already enough to reach source code, tokens, and deployment credentials.
- **Defense Evasion:**
- Names the copied interpreter `wt.exe` so it passes for a legitimate Windows utility.
- Self-destruct mechanism: deletes the dropper and reverts `package.json` once the payload is in place, so a later inspection of the installed package shows nothing unusual.
- Delivery through the npm `postinstall` lifecycle script, so the dropper runs automatically during `npm install` with no user interaction.
- **Credential Access:** The RAT retrieves further base64-encoded binaries from its operator and is positioned to read environment variables, where developer and CI credentials typically live.
- **Discovery:** Performs directory enumeration and OS fingerprinting to deliver platform-specific payloads.
- **Impact:** Deployment of a Remote Access Trojan (RAT) to gain full system control.
## Impact Assessment
- **Financial:** Unknown; potential for massive costs related to incident response for downstream organizations.
- **Data Breach:** Risk of sensitive credential theft (tokens, environment variables) from developer workstations and CI/CD pipelines.
- **Operational:** Disruption to CI/CD pipelines as organizations scramble to purge malicious versions.
- **Reputational:** High-profile breach of one of the world's most trusted JavaScript libraries.
## Indicators of Compromise
- **File Indicators:**
- `plain-crypto-js` (Malicious npm dependency)
- `setup.js` (Obfuscated dropper)
- `%PROGRAMDATA%\wt.exe` (copy of the PowerShell binary masquerading as Windows Terminal)
- `/tmp/ld.py` (Linux payload)
- `/Library/Caches/com.apple.act.mond` (macOS payload)
- **Behavioral Indicators:**
- Outbound connections from `npm install`, or from a `powershell.exe`, `wt.exe`, `osascript`, or `python` process it spawned, to hosts other than the npm registry.
- Automated reversion of `package.json` files on disk without user interaction.
## Response Actions
- **Containment:** Removal of malicious versions `1.14.1` and `0.30.4` from the npm registry.
- **Eradication:** Revocation of the compromised maintainer's credentials.
- **Recovery:** Users advised to pin versions to `1.14.0` or `0.30.3`.
## Lessons Learned
- **Credential Security:** A package's popularity is no protection. One maintainer account without multi-factor authentication, or one hijacked authenticated session, is enough to push a release to 100M+ weekly installs.
- **OIDC/Provenance:** The malicious releases carried no OIDC provenance attestation. That absence, together with the missing GitHub commit, was the earliest warning sign, and it is a cheap, automatable check.
- **Targeted Staging:** The malicious `plain-crypto-js` dependency was published roughly 18 hours before the hijacked Axios versions that pulled it in, which points to a prepared, methodical operation rather than an opportunistic one.
## Recommendations
1. **Enforce MFA and bind publishing to a workflow:** All npm maintainers should use hardware-backed MFA. MFA alone does not stop a hijacked session or a leaked long-lived publish token, so releases should be produced by an OIDC trusted-publishing workflow that also emits provenance attestations; a release without one is then anomalous by definition.
2. **Dependency Pinning:** Commit `package-lock.json` and install with `npm ci`, which installs exactly the locked versions and fails if the lockfile and `package.json` disagree (`npm install` can rewrite the lockfile). Avoid caret (`^`) and tilde (`~`) ranges for critical dependencies without auditing; `^1.14.0` is exactly what resolved to `1.14.1` during the exposure window. A lockfile generated during that window records the bad version too, so pinning is no substitute for scanning.
3. **Automated Verification:** Run `npm audit signatures` in CI to verify registry signatures and provenance attestations before artifacts are trusted, and set `ignore-scripts=true` in `.npmrc` so lifecycle scripts such as `postinstall` do not run during install; the few dependencies that genuinely need a build step can then be handled explicitly. Review any new dependency or new install script that appears in a patch release before accepting it.
4. **Credential Rotation:** Any developer or CI runner that installed the malicious versions must be treated as fully compromised: rotate every secret and key the environment could reach (npm tokens, cloud credentials, SSH and signing keys, CI secrets), and rebuild the host rather than relying on removal of the persistence artifacts listed above.
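Recommendation 3 can be made concrete with a pre-install gate. The script below is an added example, not the report's or the Axios project's code: it diffs the previously vetted manifest of a package against the newly published one and flags exactly the two changes this attack relied on, a dependency that appears in a patch release and a lifecycle script that runs at install time. The manifests are constructed for the demo (the `follow-redirects` and `form-data` entries and the `node setup.js` command are assumptions, not facts from the report); in practice they would come from `npm view <pkg>@<version> --json` or from `package/package.json` inside the downloaded tarball.

```javascript
// Added example, not code from the incident report or the Axios project.
// Gate a dependency update by diffing a vetted package.json against the newly
// published one. All manifests below are constructed for the demo.
const DEP_FIELDS = ["dependencies", "optionalDependencies", "peerDependencies"];
// npm runs these on `npm install`; prepare runs when installing from git/links.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

function reviewManifestChange(prev, next) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const before = prev[field] || {};
    const after = next[field] || {};
    for (const [dep, range] of Object.entries(after)) {
      if (!(dep in before)) {
        findings.push({ kind: "new-dependency", field, name: dep, detail: range });
      } else if (before[dep] !== range) {
        findings.push({ kind: "range-changed", field, name: dep, detail: `${before[dep]} -> ${range}` });
      }
    }
  }
  const scriptsBefore = prev.scripts || {};
  const scriptsAfter = next.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scriptsAfter[hook] !== undefined && scriptsAfter[hook] !== scriptsBefore[hook]) {
      findings.push({ kind: "install-script", field: "scripts", name: hook, detail: scriptsAfter[hook] });
    }
  }
  return findings;
}

// Block on the two changes that let code run at install time without touching
// the package's own source; a plain range bump of an existing dependency is
// only worth a warning.
function shouldBlock(findings) {
  return findings.some((f) => f.kind === "new-dependency" || f.kind === "install-script");
}

// Constructed manifests. The dependency names in the vetted manifest are
// illustrative; the extra entry in the hijacked one is the range the report cites.
const AXIOS_VETTED = {
  name: "axios",
  version: "1.14.0",
  dependencies: { "follow-redirects": "^1.15.6", "form-data": "^4.0.0" },
  scripts: { test: "npm run test:eslint && npm run test:mocha" },
};
const AXIOS_HIJACKED = {
  ...AXIOS_VETTED,
  version: "1.14.1",
  dependencies: { ...AXIOS_VETTED.dependencies, "plain-crypto-js": "^4.2.1" },
};
// First sighting of the dependency itself: nothing vetted to compare against,
// so every dependency and hook it declares is new. The command is assumed.
const PLAIN_CRYPTO_JS_MANIFEST = {
  name: "plain-crypto-js",
  version: "4.2.1",
  scripts: { postinstall: "node setup.js" },
};

const axiosFindings = reviewManifestChange(AXIOS_VETTED, AXIOS_HIJACKED);
const depFindings = reviewManifestChange({}, PLAIN_CRYPTO_JS_MANIFEST);
for (const f of [...axiosFindings, ...depFindings]) {
  console.log(`${f.kind} in ${f.field}: ${f.name} (${f.detail})`);
}
console.log(`block axios update: ${shouldBlock(axiosFindings)}`);
console.log(`block plain-crypto-js: ${shouldBlock(depFindings)}`);
```

Run against the whole transitive closure, not just direct dependencies: the gate fires on Axios because its manifest gained `plain-crypto-js`, and it fires again on `plain-crypto-js` because a never-before-seen package declares a `postinstall` hook. The lockfile's `hasInstallScript` flag is a cheaper proxy for the second check when the tarball is not at hand.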