Threat Feed
critical advisory

Axios NPM Supply Chain Attack Delivering Platform-Specific RATs

A supply chain attack on the Axios NPM package injected malicious code into versions v1.14.1 and v0.30.4, leading to the deployment of platform-specific remote access trojans (RATs) after the installation of a rogue dependency that communicated with attacker-controlled infrastructure to retrieve malicious payloads for Windows, MacOS, and Linux.

On March 31, 2026, the official Axios node package manager (npm) package was compromised in a supply chain attack. The attack resulted in the publication of two malicious versions, v1.14.1 and v0.30.4. Axios is a widely used JavaScript library for making HTTP requests, with approximately 100 million downloads per week. The malicious packages were available for around three hours. The compromised packages introduced a fake runtime dependency, ‘plain-crypto-js’, that executes automatically after installation. This dependency then communicates with attacker-controlled infrastructure at 142.11.206.73, pulling down platform-specific payloads for Linux, MacOS, and Windows. The payloads are remote access trojans (RATs), enabling the attackers to gather information and carry out additional malicious activity.

Attack Chain

  1. The attacker compromised the Axios NPM package and injected malicious code.
  2. Malicious versions v1.14.1 and v0.30.4 were published to the NPM registry.
  3. The malicious packages introduce a fake runtime dependency named ‘plain-crypto-js’.
  4. Upon installation of the compromised package, the ‘plain-crypto-js’ dependency executes automatically via a post-install script.
  5. The dependency connects to the attacker-controlled IP address 142.11.206.73 to retrieve a platform-specific payload.
  6. On MacOS, a binary named “com.apple.act.mond” is downloaded and executed using zsh.
  7. On Windows, a PowerShell script (6202033.ps1) is downloaded, the legitimate powershell.exe is copied to “%PROGRAMDATA%\wt.exe”, and the .ps1 script is executed with the hidden-window and execution-policy-bypass flags.
  8. On Linux, a Python backdoor is downloaded and executed. On all three platforms the downloaded payloads act as remote access trojans (RATs), exfiltrating credentials and enabling remote management.

Impact

This supply chain attack could lead to significant compromise across the numerous organizations that use the Axios library. The actors exfiltrate credentials and gain remote management capabilities. All credentials present on systems that installed a malicious version should be considered compromised and rotated immediately. Because Axios is so widely used, the impact could extend to many applications and systems, potentially enabling further attacks that leverage the stolen credentials. Supply chain attacks affecting widely used libraries, as seen in 25% of the top 100 vulnerabilities in the Cisco Talos 2025 Year in Review, pose a substantial risk.

Recommendation

  • Roll back to safe Axios versions (v1.14.0 or v0.30.3) immediately to prevent further compromise, as mentioned in the overview.
  • Investigate systems that downloaded malicious packages (v1.14.1 or v0.30.4) for signs of follow-on payloads from the actor-controlled infrastructure, as described in the overview.
  • Block the actor-controlled IP address 142.11.206.73 and domain Sfrclak.com at the network perimeter to prevent further communication with the malicious infrastructure, per the IOC list.
  • Monitor for execution of PowerShell scripts from unusual locations, specifically via “%PROGRAMDATA%\wt.exe”, as part of the attack chain.
  • Implement a process creation rule to alert when processes connect to external IPs using uncommon parent processes. See example rule below.
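To support the first two recommendations (identify affected installs and roll back), the following added example, which is not part of the original advisory, scans an npm v2/v3 package-lock.json for the two compromised Axios releases, the rogue ‘plain-crypto-js’ dependency, and any package that npm has flagged as carrying an install-time lifecycle script. The sample lockfile, the ‘plain-crypto-js’ version and the dependency range are constructed for illustration.

```javascript
// Added example (not from the advisory): scan an npm lockfile (v2/v3 "packages" map)
// for the compromised axios releases, the rogue dependency and install-time scripts.
const COMPROMISED_AXIOS = new Map([['1.14.1', '1.14.0'], ['0.30.4', '0.30.3']]); // bad -> safe
const ROGUE_DEPENDENCIES = new Set(['plain-crypto-js']);

// Lockfile keys are paths such as "node_modules/axios" or
// "node_modules/foo/node_modules/@scope/bar"; return the package name.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns one finding per suspicious entry; an empty array means the lockfile is clean.
function scanLockfile(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    if (name === 'axios' && COMPROMISED_AXIOS.has(meta.version)) {
      findings.push({ path: lockPath, reason: `compromised axios@${meta.version}`,
        action: `pin axios@${COMPROMISED_AXIOS.get(meta.version)} and rotate credentials` });
    }
    if (ROGUE_DEPENDENCIES.has(name)) {
      findings.push({ path: lockPath, reason: `rogue dependency ${name}`, action: 'remove' });
    }
    // Any package declaring the rogue dependency carries the injected dependency edge.
    for (const dep of Object.keys(meta.dependencies || {})) {
      if (ROGUE_DEPENDENCIES.has(dep)) {
        findings.push({ path: lockPath, reason: `${name} depends on ${dep}`, action: 'review' });
      }
    }
    // npm sets hasInstallScript when a package has preinstall/install/postinstall hooks.
    if (meta.hasInstallScript === true) {
      findings.push({ path: lockPath, reason: `${name} runs an install-time script`, action: 'review' });
    }
  }
  return findings;
}

// Constructed sample lockfile modelled on the attack chain (not a real captured file).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.1' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '*' } },
    'node_modules/plain-crypto-js': { version: '1.0.0', hasInstallScript: true },
    'node_modules/follow-redirects': { version: '1.15.6' },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(`${f.path}: ${f.reason} -> ${f.action}`);
```

To run against a real project, replace SAMPLE_LOCK with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`.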

Detection coverage (2 rules)

Detect Suspicious Process Connecting to Known Malicious IP (severity: high)
Detects processes establishing network connections to the actor-controlled IP address.
Rule format: Sigma. Tactic: command_and_control. Technique: T1071.001. Log sources: network_connection, windows.

Detect Suspicious PowerShell Execution from ProgramData (severity: high)
Detects PowerShell execution from the ProgramData directory, indicating potential execution of the downloaded .ps1 script.
Rule format: Sigma. Tactic: execution. Technique: T1059.001. Log sources: process_creation, windows.

Detection queries are kept inside the platform.

Indicators of compromise (1 ip, 1 domain, 5 hash_sha256)

Type         Value
ip           142.11.206.73
domain       Sfrclak.com
hash_sha256  e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09
hash_sha256  fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf
hash_sha256  617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101
hash_sha256  92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a
hash_sha256  ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c