Threat actors hijacked the npm account of Axios to distribute RAT malware via malicious package updates.
Threat actors compromised the npm account of Axios, a widely used library with over 100M weekly downloads, and published malicious versions to spread remote access trojans across Linux, Windows, and macOS. The supply chain attack was identified by multiple security firms after the rogue updates appeared on the npm registry.
Malicious versions of Axios (1.14.1 and 0.30.4) were published within an hour without OIDC verification or matching GitHub commits, raising immediate red flags. Researchers believe attackers compromised maintainer Jason Saayman’s npm account.
“Anyone who installed either version before the takedown should assume their system is compromised. The malicious versions inject a dependency (plain-crypto-js) that deploys a cross-platform remote access trojan targeting macOS, Windows, and Linux,” reads the report published by Aikido Security.
The impact is unclear, but given Axios’ ~400M monthly downloads, many downstream projects may have been exposed during the brief attack window.
Socket researchers reported that a malicious package called plain-crypto-js@4.2.1 was published and detected within minutes, likely as part of a coordinated attack targeting Axios. Attackers inserted this dependency into two compromised Axios versions, allowing malware to spread through a trusted library used by millions of projects. Because many developers rely on automatic updates, affected versions could be installed without notice.
The malicious code was designed to stay hidden. It used obfuscation techniques to avoid detection and ran automatically during installation through a post-install script. Once executed, it checked the operating system (Windows, macOS, or Linux) and downloaded a second-stage payload tailored to each platform. In the case of macOS, researchers confirmed the delivery of a fully functional remote access trojan (RAT) capable of collecting system information, communicating with a command-and-control server, and executing commands.
“Security researcher Joe Desimone from Elastic Security captured and reverse-engineered the macOS second-stage binary before the C2 went offline. The payload is a fully functional remote access trojan written in C++,” reads the report published by Socket.
To avoid being discovered, the malware removed its own traces after running. It deleted installation files and restored clean-looking package content, making the infected library appear normal. The experts believe the attack was possible due to the compromise of a maintainer account, enabling unauthorized publishing of malicious updates.
Given the huge number of Axios downloads, the potential impact is significant, even though the exposure window was relatively short.
Socket security researchers found two more packages spreading the same malware through hidden dependencies linked to Axios. The package @shadanai/openclaw included the malicious plain-crypto-js deep inside its code, using identical obfuscation, command-and-control infrastructure, and self-deleting behavior. Another package, @qqbrowser/openclaw-qbot, used a different method by bundling a tampered Axios version that silently installed the malicious dependency.
In both cases, the infection likely happened automatically when these projects pulled the compromised Axios release. This shows how a single poisoned dependency can quickly spread across many projects, especially with automated builds and fast package publishing pipelines.
To check whether you’re affected by the Axios attack, verify whether your project includes either malicious version (1.14.1 or 0.30.4) or the injected plain-crypto-js package. Look for leftover files or RAT artifacts on macOS, Windows, or Linux systems; even where the malware removed some files, traces may remain. Alternatively, use automated tools such as Aikido to scan dependencies and quickly detect any compromised packages.
Both Socket and Aikido provided indicators of compromise (IoCs) for this supply chain attack.
