Skip to content 
What Security Teams Should Know Immediately
- Axios was targeted via npm, turning a trusted package into a supply chain risk.
- The malicious package used staged dependency behavior to reduce suspicion and improve delivery.
- The attack path focused on post-install execution, making CI/CD and developer environments especially exposed.
- Primary impact includes credential and secret theft such as SSH keys, npm tokens, cloud credentials, and environment files.
- Immediate remediation matters: pin safe versions, rotate secrets, reinstall clean dependencies, and audit suspicious outbound activity.
Table of Contents
This breach highlights a critical evolution in how attackers exploit trusted open-source libraries to gain deep access to enterprise environments. Here is a brief breakdown of what happened, how it works, and how to protect your organization.
The Attack: When and How It Started
The incident began early on March 31, 2026, when a primary maintainer’s npm account was compromised. The attacker bypassed modern security protocols—specifically OIDC Trusted Publishing—by using a “classic” long-lived access token to manually publish poisoned versions of the package: axios@1.14.1 and axios@0.30.4.
To avoid triggering “new package” alerts, the attacker pre-staged a dependency called plain-crypto-js 18 hours earlier, establishing a fake history before injecting the malicious payload into the Axios update.
Technical Breakdown: The “Plain-Crypto-JS” Trojan
The attack is a textbook example of a Remote Access Trojan (RAT) delivery.
- The Vector: The malicious Axios versions pull in plain-crypto-js@4.2.1.
- The Trigger: A postinstall script in the package automatically executes a file named setup.js the moment a developer or CI/CD pipeline runs npm install.
- Cross-Platform Payloads: The malware detects the host OS and delivers tailored payloads:
- Windows: Hijacks PowerShell and executes a hidden script.
- macOS: Uses AppleScript to drop a background binary in system caches.
- Linux: Executes a Python-based RAT via nohup for persistence.
Attacker Gains: What is at Stake?
The goal of this campaign is high-value data exfiltration. The RAT is designed to harvest:
- Cloud Credentials: AWS, GCP, and Azure access keys.
- Developer Secrets: SSH private keys, npm tokens, and .env files.
- CI/CD Access: Kubernetes tokens and build-server environment variables.
By compromising Axios, attackers gained a potential foothold in millions of production environments, ranging from small startups to global enterprise clouds.
Detection Evasion
This malware is particularly dangerous because it self-destructs. After launching the second-stage RAT, the setup.js script deletes itself and replaces the package.json with a “clean” stub. This makes the package look legitimate during manual inspections or standard npm audit scans.
Remediation: Immediate Steps
If your team performed an install or build on March 31, 2026, take these steps immediately:
- Downgrade and Pin: Revert to axios@1.14.0 (for 1.x users) or axios@0.30.3 (for 0.x users).
- Rotate Secrets: Assume any environment variables, AWS keys, or SSH keys present on the machine during the install are compromised and rotate them immediately.
- Clean Cache: Run npm cache clean –force and delete your node_modules before a clean reinstall with –ignore-scripts.
- Network Audit: Check for outbound connections to the C2 domain sfrclak.com.
The Axios breach is a stark reminder that even the most trusted dependencies require continuous, AI-driven behavioral monitoring. At SecurifyAI, we help you stay ahead of these evolving supply chain threats.