Axios supply chain attack deploys multi-OS malware

Posted on 21 April 2026

What happened?

On March 30, 2026, StepSecurity identified two malicious versions of Axios - axios@1.14.1 and axios@0.30.4 - capable of delivering a cross-platform Remote Access Trojan (RAT). The packages were published to npm, the public registry for JavaScript packages, and were available for approximately 3 hours before being unpublished.

Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, with approximately 100 million weekly downloads on npm and adoption across frontend frameworks, backend services, and enterprise applications, making this one of the most impactful npm supply chain attacks on record.

The malicious variants add a dependency, plain-crypto-js@4.2.1, that installs malware affecting macOS, Windows and Linux. The injected code is triggered through an obfuscated Node.js dropper, a small piece of code designed to fetch and launch further malicious components. The dropper connects to a live command-and-control (C2) server and retrieves platform-specific second-stage payloads. After execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection.

Researchers have established that the attack was carried out using compromised npm credentials belonging to the primary Axios maintainer "jasonsaayman", which let the attackers publish directly to npm and bypass the project's GitHub Actions Continuous Integration and Continuous Delivery (CI/CD) pipeline.

Microsoft Threat Intelligence has attributed the C2 infrastructure and compromise to Sapphire Sleet, a North Korean state actor that has been active since at least March 2020, whose focus is primarily on the finance sector, including cryptocurrency, venture capital, and blockchain organisations. 

So what?

As Axios is included indirectly through other packages that depend on it, and is therefore pulled into thousands of frameworks, tools and applications, many affected organisations across a broad range of sectors may not immediately realise that their software relies on it. This indirect exposure significantly complicates the task of identifying and remediating compromised environments.

From a regulatory standpoint, organisations that processed personal data on compromised systems may face notification obligations under the UK GDPR, the EU GDPR and equivalent frameworks. The presence of keylogging and file exfiltration capabilities within the RAT raises the prospect that sensitive data, including credentials, intellectual property and personal information, may have been accessed or extracted without authorisation. Organisations should therefore consider this incident within the context of their data breach response procedures.

What should I do?

Systems that have installed malicious versions of Axios should be treated as compromised; any secrets and credentials should be rotated immediately to mitigate any potential breach.

The malicious versions of Axios, as well as the related package plain-crypto-js, have been removed from npm – as such, Axios can either be updated to 1.15.0 or downgraded to a safe version (such as 1.14.0/0.30.3 or earlier).

The malware embedded within the malicious packages removes itself after it runs, meaning that subsequent inspection of the node_modules directory will not reveal evidence of infection; as such, CI/CD logs should be examined for any pipeline runs that may have installed these versions.

The behaviour of the payload varies by operating system. If any of the RAT artefacts listed in the indicators of compromise (IoCs) below are identified, systems should be rebuilt from a known-good state, rather than cleaning the files in situ.

Indicators of Compromise (IoCs)

Malicious Packages

  • axios@1.14.1 (sha1: 2553649f2322049666871cea80a5d0d6adc700ca)
  • axios@0.30.4 (sha1: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71)
  • plain-crypto-js@4.2.1 (sha1: 07d889e2dadce6f3910dcbc253317d28ca61c766)

Network Command and Control (C2)

  • sfrclak[.]com
  • 142.11.206[.]73
  • sfrclak[.]com:8000/6202033

File system artefacts

  • macOS: /Library/Caches/com.apple.act.mond (sha256: 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a)
  • Windows: %PROGRAMDATA%\wt.exe, %TEMP%\6202033.vbs, %TEMP%\6202033.ps1 (sha256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 - PowerShell)
  • Linux: /tmp/ld.py (sha256: fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf)