In late March 2026, a major supply chain attack targeted Axios, one of the most widely used JavaScript HTTP clients with over 100 million weekly downloads. The incident involved unauthorized access to a maintainer’s npm account, allowing threat actors to distribute malicious package versions. These poisoned releases contained a hidden dependency that deployed a cross-platform Remote Access Trojan (RAT) affecting macOS, Windows, and Linux systems.
The attack was highly coordinated, leveraging obfuscation, anti-forensic techniques, and CI/CD bypass strategies. Although detection systems responded quickly, the incident exposed systemic weaknesses in software distribution ecosystems and dependency management practices.

Incident Overview
The attacker gained control of a key maintainer account and published two malicious versions of Axios: 1.14.1 and 0.30.4. These versions included a stealth dependency named [email protected], which was never actually used in the codebase but executed automatically during installation via a postinstall script.
This technique, known as a phantom dependency attack, relies on triggering malicious behavior during package installation rather than runtime execution. Once activated, the malware deployed platform-specific payloads and then erased traces of its presence by replacing infected files with clean versions.
Attack Timeline
The campaign was carefully staged over several hours:
- March 30, 2026: A clean decoy package ([email protected]) was published to build trust
- Later that day: A malicious version (4.2.1) was released with an embedded payload
- Within minutes: Security scanners flagged the package
- Shortly after: Compromised Axios versions were published
- Within hours: npm removed the malicious packages and revoked access tokens
Despite rapid detection, the attack window was sufficient to impact multiple environments globally across industries such as finance, healthcare, and government.
Technical Analysis
Initial Compromise
The attacker bypassed GitHub’s OIDC Trusted Publisher mechanism by using a stolen npm token to manually publish packages. This eliminated the usual cryptographic linkage between source code and deployment pipelines, making the release appear legitimate at first glance.
No corresponding commits or tags existed in the official repository, confirming the attack occurred entirely at the package registry level.
Malware Delivery Mechanism
The malicious dependency executed a script (setup.js) that dynamically decoded its payload using layered obfuscation techniques, including XOR encryption and base64 transformations.
The script loaded system modules indirectly to avoid detection and executed different payloads depending on the operating system:
- macOS: Dropped an AppleScript that fetched a binary disguised as a system process
- Windows: Used VBScript and PowerShell to execute fileless malware in memory
- Linux: Downloaded and executed a Python-based RAT in the background
Each payload connected to a command-and-control (C&C) server and maintained persistence while minimizing forensic traces.
Indicators of Compromise (IOCs)
Domains and URLs
- hxxp://sfrclak[.]com:8000/
- hxxp://sfrclak[.]com:8000/6202033
- hxxp://sfrclak[.]com:8000/6202033.ps1
Files and Artifacts
- /tmp/6202033
- /tmp/ld.py
- %PROGRAMDATA%\wt.exe
- %TEMP%\6202033.vbs
- /Library/Caches/com.apple.act.mond
Suspicious Package
Behavioral Indicators
- Unexpected postinstall script execution
- Outbound HTTP POST requests to unknown domains
- File deletion and replacement within node_modules
- Background processes detached from parent execution
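The network indicators above can be matched against egress logs. The following Node.js sketch is an added example, not code from the original report: it keeps the indicators defanged in source, refangs them in memory, and separates exact URL hits from host-only hits. The log format and sample lines are constructed assumptions.

```javascript
// Added example, not code from the article. Indicators are the article's own,
// stored defanged; the proxy log format and sample lines are constructed.
const DEFANGED_IOCS = [
  "hxxp://sfrclak[.]com:8000/",
  "hxxp://sfrclak[.]com:8000/6202033",
  "hxxp://sfrclak[.]com:8000/6202033.ps1",
];

// Turn analyst-safe notation back into parseable text, in memory only.
function refang(s) {
  return s.replace(/hxxp/gi, "http").replace(/\[\.\]/g, ".");
}

const IOC_URLS = DEFANGED_IOCS.map((s) => new URL(refang(s)));
const IOC_HOSTNAMES = new Set(IOC_URLS.map((u) => u.hostname)); // port-agnostic
const IOC_EXACT = new Set(IOC_URLS.map((u) => u.href));

// Assumed log format: "<ISO time> <client ip> <METHOD> <url> <status>"
function matchLine(line) {
  const [time, client, method, rawUrl] = line.trim().split(/\s+/);
  let url;
  try { url = new URL(rawUrl); } catch { return null; } // malformed line
  if (!IOC_HOSTNAMES.has(url.hostname)) return null;     // URL() lowercases host
  const match = IOC_EXACT.has(url.href) ? "exact-url" : "host-only";
  return { time, client, method, path: url.pathname, match };
}

function scanProxyLog(lines) {
  return lines.map(matchLine).filter(Boolean);
}

// Constructed sample lines, written defanged and refanged before scanning.
const sampleLog = [
  "2026-03-31T00:21:07Z 10.0.4.17 GET hxxp://registry.example[.]test/axios 200",
  "2026-03-31T00:21:09Z 10.0.4.17 GET hxxp://sfrclak[.]com:8000/6202033 200",
  "2026-03-31T00:21:12Z 10.0.4.17 POST hxxp://SFRCLAK[.]com:8000/ 200",
  "2026-03-31T00:22:40Z 10.0.9.3 POST hxxp://sfrclak[.]com:8000/other-path 200",
  "malformed line",
].map(refang);

console.log(scanProxyLog(sampleLog));
```

Host-only hits matter because the paths listed here are specific to this campaign stage, while any request to the host from a build machine warrants investigation.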
Anti-Forensics and Evasion
One of the most advanced aspects of this attack was its cleanup routine. After executing the payload, the malware removed its own files, deleted the package manifest, and restored a clean version of the package.
This meant that traditional post-incident inspection would show no obvious signs of compromise. The only reliable indicator was the presence of the malicious dependency directory itself.
Broader Campaign Insights
Further investigation revealed similar techniques used in related packages, indicating this was not an isolated incident but part of a wider campaign. Variants reused the same infrastructure and payload delivery mechanisms, suggesting a reusable attack toolkit.
Mitigation and Response
Organizations affected by this incident should take immediate action:
- Upgrade to safe versions ([email protected] or 0.30.3)
- Remove the malicious dependency and reinstall packages safely
- Rotate all credentials, including API keys and CI/CD secrets
- Rebuild systems from trusted sources if compromise is confirmed
- Block communication with identified C&C domains
- Enforce secure installation practices such as ignoring scripts during CI/CD
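To support the version check in the list above and to surface the postinstall-triggered dependency described in the Incident Overview, here is an added example (not code from the original report or the Axios project). It audits a parsed package-lock.json for the two compromised Axios versions and for dependencies that carry an install script but were absent from a previously reviewed lockfile. The names example-native-addon and example-phantom-dep and both lockfiles are constructed; hasInstallScript is the field npm records in lockfile v2/v3 entries.

```javascript
// Added example, not code from the article. Compromised versions are the ones
// the article names; lockfile contents and package names are constructed.
const COMPROMISED_AXIOS = new Set(["1.14.1", "0.30.4"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? lockKey : lockKey.slice(i + marker.length);
}

// lock / baseline: parsed package-lock.json objects (lockfileVersion 2 or 3).
function auditLockfile(lock, baseline = { packages: {} }) {
  const reviewed = new Set(Object.keys(baseline.packages || {}).map(packageName));
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = packageName(path);
    if (name === "axios" && COMPROMISED_AXIOS.has(meta.version)) {
      findings.push({ type: "compromised-version", name, version: meta.version, path });
    }
    // A dependency that is new since the last review AND runs code at install
    // time is the shape of the postinstall-triggered package described above.
    if (meta.hasInstallScript && !reviewed.has(name)) {
      findings.push({ type: "new-install-script", name, version: meta.version, path });
    }
  }
  return findings;
}

const baselineLock = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/axios": { version: "0.30.3" },
  "node_modules/example-native-addon": { version: "2.0.0", hasInstallScript: true },
} };
const currentLock = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/axios": { version: "0.30.4" },
  "node_modules/example-native-addon": { version: "2.0.0", hasInstallScript: true },
  "node_modules/example-phantom-dep": { version: "4.2.1", hasInstallScript: true },
} };

console.log(auditLockfile(currentLock, baselineLock));
```

Run as a CI gate on lockfile changes, a non-empty result should fail the build before any install step executes.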
Strategic Takeaways
This attack highlights several critical lessons for the industry. Dependency trust cannot rely solely on reputation or download metrics. Automated pipelines, while efficient, introduce new attack surfaces when not tightly controlled.
Security teams must monitor not just application code but also installation behavior, network activity, and supply chain dependencies. Preventive controls like strict version pinning and disabling install scripts in production environments can significantly reduce risk.
Our Opinion
From a security perspective, this incident is a clear example of how modern attacks are shifting away from traditional vulnerabilities toward trust exploitation. The attacker did not need to break encryption or exploit software bugs. Instead, they targeted the human and procedural weak points in the software supply chain.
What stands out is the level of planning. The use of a clean decoy package, rapid deployment, and immediate anti-forensics shows that this was not an opportunistic attack but a well-prepared operation. The ability to bypass OIDC protections using a stolen token also raises serious concerns about credential security and monitoring.
In our view, the biggest takeaway is that current defenses are still too reactive. Detection happened quickly, but prevention failed. This gap is critical. Organizations must adopt a zero-trust approach to dependencies, where every package—even popular ones—is treated as potentially unsafe until verified.
Additionally, CI/CD pipelines need stronger isolation and monitoring. If installation scripts can execute arbitrary code, they effectively become an attack vector.
Overall, this case reinforces that supply chain security is no longer optional. It is now one of the most important layers in modern cybersecurity defense.
