
Security Firms Detail How axios npm Compromise Delivered Cross-Platform RAT

A North Korea-linked attacker poisoned axios versions 1.14.1 and 0.30.4 for nearly three hours, hiding a cross-platform RAT inside a phantom dependency named plain-crypto-js.

Marcus Williams

A supply chain attack against axios, the JavaScript HTTP client with more than 100 million weekly npm downloads, introduced a cross-platform remote access trojan through a phantom dependency that executed silently during package installation, erased its own traces, and left developers with no visible sign of compromise in the axios source code itself.

The attack, which began March 30 and ran into March 31, 2026, centered on two malicious package versions: 1.14.1 under the current release branch and 0.30.4 under the legacy 0.x line. Publishing both simultaneously ensured that the poisoned dist-tags resolved for the widest possible population of users, regardless of which major line their version range tracked. The malicious packages remained available for approximately two hours and 54 minutes, a window that coincided with high development activity across Asia-Pacific time zones.

The mechanism was deliberately indirect. Rather than inserting malicious code into axios itself, the attacker added plain-crypto-js version 4.2.1 as a new dependency. That package, published by an npm account named "nrwise" using the address nrwise@proton.me, carried a postinstall script that staged the RAT on the host. Once it had run, the dropper deleted its own files and swapped in a clean copy of package.json, removing its artifacts from the node_modules directory and complicating post-infection forensics. As Snyk noted in its analysis, "there are zero lines of malicious code inside axios itself."

Elastic Security Labs filed a GitHub Security Advisory against the axios repository on March 31 at 01:50 UTC to coordinate disclosure and prompt action from the maintainers and the npm registry. Snyk and StepSecurity each published independent technical timelines within hours. Those writeups, which incident responders in corporate CI/CD environments relied on, provided actionable indicators including the plain-crypto-js package name, the compromised maintainer account identified by the email ifstap@proton.me, and the precise UTC window for audit review.

Google's Threat Intelligence Group linked the operation to a North Korea-nexus threat actor, noting that the compromised maintainer account had been taken over rather than created for the attack. "The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts," a chief Google analyst said.

Remediation guidance that circulated through the security community called for immediate rotation of any secrets or keys that could have been exposed on developer machines or CI runners during the attack window, a full rebuild of any artifacts assembled using npm installs from that period, and a sweep of lockfiles for any reference to plain-crypto-js. Endpoints that ran automated npm installs in pipelines were flagged for forensic review, and cyber insurers began outreach to major dependent organizations.

The incident reinforced the case for mandatory two-factor authentication on package-registry accounts, CI attestation, signed release artifacts, and reproducible builds in hermetic CI environments. With axios serving as one of the most foundational libraries in the Node.js ecosystem, the attack illustrated how a credential compromise at a single maintainer account can threaten a downstream install base in the hundreds of millions within a window shorter than a standard business meeting.
