Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Top npm package backdoored to drop dirty RAT on dev machines

  • Attackers hijacked the npm account of Axios, a JavaScript HTTP client with 100 million weekly downloads, publishing malicious versions axios@1.14.1 and axios@0.30.4 to deliver remote access trojans targeting Linux, Windows, and macOS systems.
  • Security firm StepSecurity found the threat actor compromised the npm account of Jason Saayman, Axios's primary maintainer, swapping the email for an anonymous ProtonMail inbox and manually pushing infected packages via npm CLI to bypass GitHub Actions safeguards.
  • Ashish Kurmi, StepSecurity's CTO and co-founder, stated the operation was 'not opportunistic,' as the malicious dependency was staged 18 hours in advance with three OS-specific payloads and self-destructing traces, making it among the most sophisticated supply chain attacks ever documented.
  • Kurmi warned 'If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised,' urging developers to rotate credentials and rebuild machines; users should downgrade to axios@1.14.0 or axios@0.30.3 immediately.
  • Campaigns like 'Shai-Hulud 2.0' show attackers increasingly targeting software supply chains to siphon credentials and maintain persistence, though researchers have not linked this Axios compromise to a specific threat actor and noted it lacks characteristics of recent TeamPCP attacks.
Insights by Ground AI

21 Articles

NextgovNextgov
Center

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

“The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts,” ...

Read Full Article
TechCrunchTechCrunch
Center

Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.

·United States
Read Full Article
The RegisterThe Register
Center

Top npm package backdoored to drop dirty RAT on dev machines

: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

Read Full Article
UpstractUpstract
Center

A supply chain attack compromises HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency and deploying a multi-stage payload (Socket)

Socket: A supply chain attack compromises HTTP client Axios, which has 100M weekly npm downloads, introducing a malicious dependency and deploying a multi-stage payload — Socket Research Team … Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan …

Read Full Article
BleepingComputerBleepingComputer
Center

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.

Read Full Article
Tenable®Tenable®

Supply chain attack on Axios npm package: Scope, impact, and remediations

The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeawaysThis incident is a confirmed supply chain attack. The presence of malicious Axios versions (1.14.1 or 0.30.4) signifies a conf…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

IT Security News - cybersecurity, infosecurity news broke the news in on Tuesday, March 31, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Supply Chain icon

Supply Chain

Apple icon

Apple

Cyberattacks icon

Cyberattacks

Cryptocurrency icon

Cryptocurrency

Infrastructure icon

Infrastructure

Business & Markets icon

Business & Markets

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal