Supply-Chain Compromise of axios npm Package

A coordinated supply chain attack targeted the axios npm package, compromising two versions (1.14.1 and 0.30.4) by injecting a malicious dependency. The attack delivered a cross-platform Remote Access Trojan to macOS, Windows, and Linux systems. The compromise occurred through the lead maintainer's npm account, bypassing normal publishing workflows. The malicious payload performed system reconnaissance, established persistence on Windows, and provided remote access capabilities. The attack affected numerous organizations and potentially exposed sensitive credentials. Immediate mitigation steps include pinning to safe versions, removing malicious dependencies, rotating credentials, and blocking the command and control server.

Pulse ID: 69cbf7d7db7968b35905f4fe
Pulse Link: https://otx.alienvault.com/pulse/69cbf7d7db7968b35905f4fe
Pulse Author: AlienVault
Created: 2026-03-31 16:35:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Linux #Mac #MacOS #NPM #OTX #OpenThreatExchange #RemoteAccessTrojan #SupplyChain #Trojan #Windows #bot #iOS #AlienVault