Threat Brief: Widespread Impact of the Axios Supply Chain Attack

A sophisticated supply chain attack compromised the Axios JavaScript library after threat actors hijacked an npm maintainer account and published malicious versions v1.14.1 and v0.30.4. These versions pulled in a hidden dependency called plain-crypto-js, which deployed a cross-platform remote access Trojan targeting Windows, macOS, and Linux systems. The RAT performed reconnaissance, established persistence, and included self-destruct capabilities for evasion. A heavily obfuscated dropper script fetched platform-specific payloads from a command-and-control server, disguising the traffic as legitimate npm registry requests. All variants shared identical C2 protocols and beaconed every 60 seconds. The campaign impacted multiple sectors across the U.S., Europe, the Middle East, South Asia, and Australia, and analysis showed overlap with DPRK-linked operations.
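The practical first question for any Node.js shop is whether a resolved dependency tree contains one of the two Axios versions or the plain-crypto-js package named above. A package.json range such as "^1.14.0" is not enough to answer that; the lockfile is what pins the installed version. The following scanner is an added example written for this brief, not code from the pulse or from the Axios project. It reads an npm package-lock.json (lockfile v1 nested "dependencies", or v2/v3 flat "packages"), walks every installed package including nested copies, and reports matches against an indicator list built only from the versions and package name stated in the brief. The embedded sample lockfile and its version numbers for other packages are constructed for the demonstration.

```javascript
// Added example: scan an npm lockfile for the indicators in the brief.
// Indicator list is taken verbatim from the brief; nothing else is assumed.
const MALICIOUS = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": null, // null = any version of this package is an indicator
};

// Lockfile v2/v3 keys "packages" by install path ("node_modules/axios",
// "node_modules/tool/node_modules/axios"); v1 nests "dependencies" by name.
// v2 lockfiles carry BOTH maps for backward compatibility, so only one is
// walked to avoid double-counting the same install.
function collectPackages(lock) {
  const found = []; // { name, version, path }
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // "" is the root project entry, not a dependency
      const marker = "node_modules/";
      const name = path.slice(path.lastIndexOf(marker) + marker.length); // keeps "@scope/pkg"
      found.push({ name, version: meta.version, path });
    }
  } else if (lock.dependencies) {
    walkV1(lock.dependencies, "", found);
  }
  return found;
}

function walkV1(deps, parent, out) {
  for (const [name, meta] of Object.entries(deps)) {
    const path = `${parent}node_modules/${name}`;
    out.push({ name, version: meta.version, path });
    if (meta.dependencies) walkV1(meta.dependencies, `${path}/`, out);
  }
}

// Returns every installed package matching an indicator, with its install path
// so the reader can see which parent pulled it in.
function findIndicators(lockJson) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const hits = [];
  for (const pkg of collectPackages(lock)) {
    if (!Object.prototype.hasOwnProperty.call(MALICIOUS, pkg.name)) continue;
    const versions = MALICIOUS[pkg.name];
    if (versions === null || versions.has(pkg.version)) hits.push(pkg);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout) for the demonstration: a compromised
// top-level axios, its planted dependency, and a clean nested axios copy.
const SAMPLE_LOCK = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "1.0.0" },
    "node_modules/follow-redirects": { version: "1.15.6" },
    "node_modules/some-tool": { version: "2.0.0" },
    "node_modules/some-tool/node_modules/axios": { version: "1.13.0" },
  },
});

// CLI entry: `node scan-lock.js path/to/package-lock.json`; falls back to the
// constructed sample when no path is given.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const file = process.argv[2];
  const data = file ? fs.readFileSync(file, "utf8") : SAMPLE_LOCK;
  const hits = findIndicators(data);
  for (const h of hits) console.log(`INDICATOR ${h.name}@${h.version} at ${h.path}`);
  process.exitCode = hits.length ? 1 : 0;
}

module.exports = { findIndicators, collectPackages, SAMPLE_LOCK };
```

For an already installed tree, `npm ls axios plain-crypto-js` answers the same question, but scanning the committed lockfile lets CI block a pull request before anything is installed. A hit on plain-crypto-js at any version is the stronger signal, since the brief describes it as a package that exists only to carry the dropper.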

Pulse ID: 69cda35868f6af78fc09b167
Pulse Link: https://otx.alienvault.com/pulse/69cda35868f6af78fc09b167
Pulse Author: AlienVault
Created: 2026-04-01 22:59:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Australia #CyberSecurity #DPRK #ELF #Europe #InfoSec #Java #JavaScript #Linux #Mac #MacOS #Malware #MiddleEast #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SouthAsia #SupplyChain #Trojan #Windows #bot #iOS #AlienVault

LevelBlue - Open Threat Exchange
