Full Report
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeawaysThis incident is a confirmed supply chain attack. The presence of malicious Axios versions (1.14.1 or 0.30.4) signifies a confirmed security breach rather than a potential risk. Organizations must move beyond “patching” and initiate full incident response playbooks for any host where these packages are detected. If affected, organizations must immediately quarantine hosts, apply incident response playbooks, and rotate all exposed secrets. In the last supply chain attacks we observed, attackers were very quick to abuse any exposed secrets, credentials, or API keys, usually abusing them a couple of hours after leakage. This highlights how short the window is for response for defenders. Because these attacks will keep happening, passive defense is insufficient. Organizations must implement strict security measures — such as minimum package age policies, pinning dependencies, auditing lockfiles, and actively scanning environments — to protect against the next inevitable supply chain compromise.Introduction: Axios supply chain compromise A critical software supply chain attack compromised “Axios,” a highly popular npm package with over 100 million weekly downloads, commonly used as a promise-based HTTP client for the browser and Node.js. Attackers successfully hijacked a maintainer account and embedded a hidden, malicious dependency into two newly published versions of Axios. The attacker injected a malicious package called “plain-crypto-js” into the dependency tree of the Axios package. The package “plain-crypto-js” utilized a postinstall script to execute a remote access trojan (RAT) dropper during the installation process.Because the embedded malware executes immediately upon installation of this highly popular NPM package, the scope of this breach is potentially massive. Any environment that downloaded these compromised versions of Axios is at risk of severe data theft, including the loss of credentials and API keys.Frequently asked questions (FAQs) about Axios supply chain attackWhen was the Axios npm package first compromised?The first malicious versions of Axios were uploaded on March 31, 2026 at 1 AM UTC.What happened? What did threat actors do? Attackers hijacked the npm account of Axios’s lead maintainer and published two malicious versions of the Axios package: version “1.14.1” and version “0.30.4”.Rather than altering Axios’s source code, they added “[email protected]” as a dependency for the Axios package.Installing “plain-crypto-js” automatically executes a double-obfuscated Node.js dropper (setup.js) using npm’s postinstall lifecycle hook. “postinstall” hooks can be used to execute code during the installation process. This is a very common technique used by malicious npm packages that we expect to see more and more in the future.Once deobfuscated, the dropper identified the victim’s host operating system and reached out to the attacker’s command and control (C2) server (sfrclak[.]com:8000) to pull a second-stage payload.The second stage payload is a RAT tailored to the OS, supporting MacOS, Windows, and Linux.Has the Axios developer addressed this issue?All of the malicious versions of Axios have been removed from the public registry. It is now safe to install new versions of Axios.How can I tell if I’m running malicious versions of Axios? To determine if you are affected, scan your environment for the presence of the malicious versions of the affected packages. Look specifically for versions 1.14.1 and 0.30.4 and these other indicators of compromise (IOCs):NameIOCInfected PackageName: “Axios”Version: “1.14.1”Infected PackageName: “Axios”Version: “0.30.4”Infected PackageName: “plain-crypto-js”Version : allSHA256 of Javascript dropper named “setup.js”e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09Attacker C2 Domainsfrclak[.]comThe presence of the vulnerable versions in the filesystem likely means that it was installed using the npm package manager, and therefore, infected the relevant host. That’s why you should treat any system where you find malicious versions of Axios as fully compromised and immediately implement relevant incident response and containment playbooks.If affected, organizations must immediately quarantine hosts, apply incident response playbooks, and rotate all exposed secrets. In the last supply chain attacks we observed, attackers were very quick to abuse any exposed secrets, credentials, or API keys, usually abusing them a couple of hours after leakage. This highlights how short the window is for response for defenders.Because these attacks will keep happening, passive defense is insufficient. Organizations must implement strict security measures — such as minimum package age policies, pinning dependencies, auditing lockfiles, and actively scanning environments — to protect against the next inevitable supply chain compromise.How can Tenable help me address the supply chain attack on the Axios npm package? Tenable One continuously, automatically, and proactively detects the malicious versions of Axios across both on-premises and cloud environments.Tenable Nessus and Tenable Cloud Security, both part of the Tenable One Exposure Management platform, continuously monitor for new indicators of compromise (IOCs) and track research associated with this evolving campaign.A list of Tenable plugins to identify the malicious package will appear here as soon as they're released. Tenable Cloud Security classifies affected packages as malicious. Detected packages will appear in your Tenable console environment the next time data is synced.ConclusionThis security incident affecting the Axios npm package is a critical reminder that massive software supply chain attacks remain a recurring threat. Threat actors continuously exploit the trust in open source ecosystems to get around organizations’ traditional, perimeter-based security controls and deliver malicious software at scale.
Analysis Summary
# Incident Report: Axios NPM Package Supply Chain Compromise
## Executive Summary
A critical software supply chain attack occurred when the npm account of the Axios lead maintainer was hijacked to publish malicious versions of the popular HTTP client library. The attackers injected a malicious dependency, `plain-crypto-js`, which executes a Remote Access Trojan (RAT) dropper immediately upon installation. Given Axios’s reach of over 100 million weekly downloads, the incident poses a massive risk for global data theft and credential leakage.
## Incident Details
- **Discovery Date:** March 31, 2026 (Consistent with publication)
- **Incident Date:** March 31, 2026, 01:00 UTC
- **Affected Organization:** Axios (Open Source NPM Project)
- **Sector:** Information Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 31, 2026, at 1 AM UTC
- **Vector:** Account Hijack
- **Details:** Attackers gained unauthorized access to the npm account of the Axios lead maintainer.
### Lateral Movement
- **Mechanism:** Dependency Injection
- **Details:** The threat actor published two malicious versions of Axios (1.14.1 and 0.30.4) which included a new malicious dependency named `[email protected]`.
### Data Exfiltration/Impact
- **Risk:** High risk of API key and credential theft.
- **Details:** Once the RAT is active, it targets environment secrets. Attackers have been observed using leaked secrets within hours of a compromise.
### Detection & Response
- **Discovery:** Identified via security research/registry monitoring.
- **Response Actions:** Malicious versions were removed from the public npm registry. Security providers (like Tenable) released detection plugins for impacted environments.
## Attack Methodology
- **Initial Access:** Hijacking of a trusted maintainer's npm credentials.
- **Persistence:** Installation of a platform-specific Remote Access Trojan (RAT) on the host.
- **Defense Evasion:** Use of a double-obfuscated Node.js dropper script (`setup.js`).
- **Discovery:** The dropper identifies the victim's host operating system (Windows, MacOS, or Linux) to deliver the appropriated payload.
- **Execution:** Utilization of the npm `postinstall` lifecycle hook to run malicious code automatically during package installation.
- **Command and Control:** Communication with `sfrclak[.]com` over port 8000.
- **Impact:** Deployment of a second-stage RAT tailored to the OS for data theft and remote control.
## Impact Assessment
- **Financial:** Potential for significant loss via stolen cloud provider credentials and API keys.
- **Data Breach:** Exposure of sensitive environment variables, credentials, and secrets.
- **Operational:** High; requires immediate quarantine of infected hosts and full-scale incident response.
- **Reputational:** High impact on the perceived security of the Axios project and the npm ecosystem.
## Indicators of Compromise
- **Network Indicators:**
- `sfrclak[.]com:8000` (C2 Server)
- **File Indicators (SHA256):**
- `e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09` (`setup.js` dropper)
- **Malicious Package Versions:**
- `Axios` v1.14.1
- `Axios` v0.30.4
- `plain-crypto-js` (All versions)
## Response Actions
- **Containment:** Immediately quarantine any host where the malicious versions were detected.
- **Eradication:** Remove malicious packages and perform a full system scan for secondary payloads (RATs).
- **Recovery:** Rotate all secrets, API keys, and credentials that were present on the host at the time of infection.
## Lessons Learned
- **The Windows of Opportunity is Small:** Attackers often abuse stolen credentials within hours of the initial compromise.
- **Dependency Trust:** Pure source code audits of a primary package are insufficient if the dependency tree is not also monitored for unauthorized changes.
- **Lifecycle Hooks:** `postinstall` scripts remain a primary vector for malware execution in the npm ecosystem.
## Recommendations
- **Security Policies:** Implement minimum package age policies (e.g., prevent the use of packages less than 24-48 hours old).
- **Lockfile Auditing:** Regularly audit lockfiles for unexpected or unknown new dependencies.
- **Dependency Pinning:** Use specific versions and subresource integrity checks where possible.
- **Scanning:** Actively scan CI/CD environments and developer workstations for known malicious package versions.