Axios Front-End Library npm Supply Chain Poisoning Alert

On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version with a Trojan backdoor through the npm CLI. When the user installs it, a persistent remote control will be established on the host. The impact is wide-ranging, and relevant users are requested to take measures for investigation and protection as soon as possible.

Pulse ID: 69cd1aa5d630ea626fc62588
Pulse Link: https://otx.alienvault.com/pulse/69cd1aa5d630ea626fc62588
Pulse Author: AlienVault
Created: 2026-04-01 13:16:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Email #GitHub #HTTP #InfoSec #NPM #OTX #OpenThreatExchange #SupplyChain #Trojan #bot #iOS #AlienVault