A sophisticated supply chain attack compromised the widely used Axios JavaScript library, injecting a cross-platform remote access trojan (RAT) into what security firm Wiz estimates is 80 percent of cloud and code environments. The incident, which involved malicious versions of the npm package being available for roughly three hours, represents one of the most significant breaches of the open-source ecosystem, given Axios’s 100 million weekly downloads.
“North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency,” John Hultquist, chief analyst with Google’s Threat Intelligence Group (GTIG), said in a statement. “The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts.” GTIG has attributed the attack to UNC1069, a North Korean threat actor.
The attack began on March 31 when the threat actor published malicious versions axios@1.14.1 and axios@0.30.4 to the npm registry. This was achieved by compromising the npm account of the project's lead maintainer and using a legacy long-lived token to bypass the project's more secure OIDC-based publishing workflow. The malicious packages included a phantom dependency, plain-crypto-js, which contained a post-install script to download the RAT.
The breach highlights a critical vulnerability in the software supply chain, affecting a library with nearly 175,000 dependent projects. The attack’s impact on developer environments and CI/CD pipelines could lead to significant credential theft and lateral movement within corporate networks. For companies like Wiz and Snyk, the event underscores the need for stricter dependency management and runtime verification, potentially increasing demand for their security scanning and threat intelligence services.
How the Attack Unfolded
The attackers demonstrated significant operational sophistication. About 18 hours before the main attack, an account named nrwise published a clean decoy package, plain-crypto-js@4.2.0, to establish a legitimate history on the npm registry. Shortly before the Axios compromise, they updated it to version 4.2.1, which contained the malicious payload.
The compromised Axios versions added this malicious package as a dependency. When developers installed or updated Axios, the postinstall script in plain-crypto-js executed, contacting a command-and-control (C2) server at sfrclak.com to fetch platform-specific malware.
The malware was a cross-platform RAT with variants for Windows, macOS, and Linux.
- On macOS, the binary was written to /Library/Caches/com.apple.act.mond and could self-sign injected payloads to bypass Gatekeeper.
- On Windows, a PowerShell script masquerading as Windows Terminal (wt.exe) was copied to %PROGRAMDATA%, with persistence established via a registry Run key.
- On Linux, a Python script was stored as /tmp/ld.py and executed.
After deploying the payload, the script attempted to erase its tracks by replacing the malicious package.json with a clean version, misleading developers who might inspect their installed packages.
Widespread Impact and Remediation
Though the malicious packages were removed from the npm registry within three hours, the high download velocity of Axios means a substantial number of systems were compromised. Wiz reported observing the malware executing in approximately 3 percent of affected environments it monitored. Security firm Huntress also reported over 100 affected devices.
Security experts are urging immediate action. Organizations are advised to audit their project lockfiles and CI/CD logs for any trace of axios@1.14.1, axios@0.30.4, or plain-crypto-js@4.2.1.
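One way to run the lockfile audit described above, as an added example (not code from Axios, npm, or the vendors quoted here): it checks both the flat packages map of lockfile v2/v3 and the nested dependencies tree of lockfile v1 for the three versions named in this article, so transitive copies are caught too. The function names and the sample lockfile are constructed for illustration.

```javascript
// Versions named in this article as malicious.
const BAD = new Map([
  ['axios', ['1.14.1', '0.30.4']],
  ['plain-crypto-js', ['4.2.1']],
]);
const isBad = (name, version) => (BAD.get(name) || []).includes(version);

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}

// Walk the nested "dependencies" tree used by lockfile v1.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const where = trail.concat(name).join(' > ');
    if (isBad(name, info.version)) hits.push({ name, version: info.version, where });
    walkV1(info.dependencies, trail.concat(name), hits);
  }
}

// Returns every locked occurrence of a listed version, direct or transitive.
function auditLockfile(jsonText) {
  const lock = JSON.parse(jsonText);
  const hits = [];
  if (!lock.packages) { walkV1(lock.dependencies, [], hits); return hits; }
  for (const [path, info] of Object.entries(lock.packages)) {
    const name = info.name || nameFromPath(path); // "name" is set for aliased installs
    if (name && isBad(name, info.version)) hits.push({ name, version: info.version, where: path });
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.14.1' },
    'node_modules/plain-crypto-js': { version: '4.2.1' },
    'node_modules/sdk/node_modules/axios': { version: '0.30.4' },
    'node_modules/other/node_modules/axios': { version: '1.0.0' },
  },
});
console.log(auditLockfile(SAMPLE));
```

Pass it the text of each package-lock.json in the repository and in CI artifacts. Because the payload replaces its own package.json after running, the lockfile and build logs are a more reliable record than the contents of node_modules.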
“Do not attempt to clean compromised systems. Rebuild from a known-clean snapshot,” Snyk researchers advised. Any environment where these versions were installed should be treated as fully compromised. All credentials, including npm tokens, cloud provider keys, and SSH keys, must be revoked and reissued.
For long-term defense, security teams should consider enforcing npm ci --ignore-scripts in automated build pipelines to prevent malicious scripts from running. Implementing package age policies, which block the installation of newly published packages, could also have prevented this attack, as the malicious plain-crypto-js dependency was less than a day old.