Certain releases of Axios, one of the most downloaded packages in the entire npm ecosystem, have been compromised in a supply chain attack.
Axios is an HTTP client for JavaScript that is widely integrated into enterprise CI/CD pipelines and which regularly sees 100 million+ downloads a week.
Axios has over 170,000 downstream packages dependent on it and is arguably a de facto industry standard for handling API calls.
Versions 1.14.1 & 0.30.4 on npm were confirmed by security researchers to be malicious – seemingly after attackers compromised a maintainer’s account. Axios’ maintainers moved swiftly to deprecate the versions.
But both versions were live for some three hours. (npm download data gives a crude steer towards how many malicious downloads may have happened, even if the malicious versions are not featured; it's a significant number.)
SOC analysts at Huntress Labs flagged the malware appearing on "multiple hosts across different organizations and accounts", so despite the swift takedown the blast radius is likely to be significant given Axios' ubiquity.
"On every compromised host, the RAT performed immediate system reconnaissance: enumerating user directories, filesystem drive roots, and running processes, and transmitted this data to the C2. The RAT maintained a 60-second beacon loop, ready to accept further commands including arbitrary script execution and in-memory binary injection. For Windows hosts, the RAT established persistence that would survive reboots and re-download the payload on every user login." - Huntress
If you installed either version before takedown, assume compromise.
Huntress Labs said: “Axios is a transitive dependency for countless packages, CI/CD pipelines, developer workstations, and production applications worldwide. The scope of this compromise is significant: any environment that ran npm install and resolved to axios@1.14.1 or axios@0.30.4 during the approximately three-hour exposure window may have executed the malicious payload automatically with no user interaction required.”
Welp! What shall I do?
Check your dependencies and lockfiles for:
- axios@1.14.1
- axios@0.30.4
Check feature branches and open PRs for these versions too. If found, remove them or roll back to a known safe version immediately.
IOCs below, via Socket.
Network Indicators
- C2 domain: sfrclak[.]com
- C2 IP: 142.11.206.73
- C2 URL: http://sfrclak[.]com:8000/6202033
- POST body (macOS): packages[.]npm[.]org/product0
- POST body (Windows): packages[.]npm[.]org/product1
- POST body (Linux): packages[.]npm[.]org/product2
File System
- /Library/Caches/com.apple.act.mond — macOS payload
- %PROGRAMDATA%\wt.exe — renamed copy of powershell.exe (Windows)
- %TEMP%\6202033.vbs — VBScript launcher (Windows, self-deletes)
- %TEMP%\6202033.ps1 — PowerShell payload (Windows, self-deletes)
- /tmp/ld.py — Python payload (Linux)
- $TMPDIR/6202033 — temp file (all platforms)
Supply chain security firm StepSecurity’s founder Ashish Kurmi wrote late Monday: “The malicious versions inject a hidden dependency that drops a cross platform remote access trojan targeting macOS, Windows, and Linux.
The payload by platform is:
- Linux: A Python RAT dropped to /tmp
- macOS: A binary disguised under Apple cache naming conventions. (Elastic Security’s Joe Desimone reverse-engineered the macOS second-stage binary before the C2 went offline. The payload is a fully functional remote access trojan written in C++.)
- Windows: A hidden PowerShell script with execution policy bypass
Kurmi added on LinkedIn: “The malware contacts a live C2 server and delivers platform specific payloads, then deletes itself to evade detection… If you have installed any of the affected versions, assume full system compromise. Pin to known safe versions and rotate all secrets immediately.”
Axios is often a default choice for developers starting new projects in React, Vue, or Angular – as such, the potential blast radius is significant.
StepSecurity’s team emphasised: “There are zero lines of malicious code inside axios itself, and that's exactly what makes this attack so dangerous.
“Both poisoned releases inject a fake dependency, plain-crypto-js@4.2.1, a package never imported anywhere in the axios source, whose sole purpose is to run a postinstall script that deploys a cross-platform remote access trojan. The dropper contacts a live command-and-control server, delivers separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy.”
They added in a blog: “A developer who inspects their node_modules folder after the fact will find no indication anything went wrong…”
The research team at security firm Socket added: “When the attack first happened, Axios maintainers were unable to regain control of the project.
“In a public GitHub issue, a collaborator stated they could not revoke access from the account responsible for the malicious publish, noting that the attacker’s permissions exceed their own…”
The Huntress team concluded: "Developer workstations and CI/CD runners are high-value targets. These environments commonly hold npm tokens, SSH keys, cloud credentials, API keys, .env files, and other secrets. Any system that executed the malicious payload should be treated as a full credential-theft scenario."