Popular HTTP Client Axios Hit by Sophisticated Supply Chain Attack, Malicious Versions Deliver Cross-Platform Remote Access Trojan.

Cahyo Dewo, March 31, 2026

The widely adopted HTTP client Axios has been at the center of a significant supply chain compromise, after two recently published versions of its npm package were found to contain a malicious dependency designed to deploy a sophisticated cross-platform remote access trojan (RAT). This incident, impacting a package with over 83 million weekly downloads, underscores the escalating threat landscape for software supply chains and the critical need for vigilance in dependency management.

Understanding the Attack Vector: Compromised Credentials and Malicious Injections

The attack unfolded when versions 1.14.1 and 0.30.4 of the Axios npm package were published with an unadvertised and malicious dependency: "plain-crypto-js" version 4.2.1. This rogue package was not a legitimate component of Axios but was cunningly injected to serve as a dropper for the trojan. Investigations by security researchers, notably from StepSecurity, revealed that the publication of these compromised versions was facilitated through the hijacked npm credentials of the primary Axios maintainer, identified as "jasonsaayman." This breach allowed the attackers to circumvent the project’s established GitHub Actions CI/CD (Continuous Integration/Continuous Delivery) pipeline, effectively bypassing crucial security checks and directly pushing the poisoned code to the npm registry.

The ability to compromise a primary maintainer’s account represents a severe security lapse, highlighting the vulnerability of even well-maintained open-source projects to credential theft. Such an attack bypasses many traditional security measures that focus on code review within the project’s repository, as the malicious code is introduced via an external, injected dependency at the publishing stage.

The Malicious Payload: A Cross-Platform Threat

The "plain-crypto-js" dependency, at its core, was designed with a singular, nefarious purpose: to execute a post-installation script that acts as a multi-platform RAT dropper. As detailed by security researcher Ashish Kurmi of StepSecurity, this dropper is capable of targeting a wide array of operating systems, including macOS, Windows, and Linux. Its function is to establish contact with a live command and control (C2) server and then deliver platform-specific, second-stage payloads tailored to the victim’s environment. A hallmark of the attacker’s sophistication is the subsequent self-deletion mechanism: after execution, the malware meticulously removes itself and replaces its own package.json file with a clean version, an advanced technique aimed at evading forensic detection and making post-infection analysis significantly more challenging.

This cross-platform capability signifies a broad attack surface, as Axios is utilized across diverse environments, from front-end web development frameworks like React and Vue.js to backend services built with Node.js, and various enterprise applications. The sheer ubiquity of Axios magnifies the potential impact of such a breach, making millions of installations potential targets.

Unpacking the Trojan’s Modus Operandi

[Figure: Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account]

The embedded malware is initiated through an obfuscated Node.js dropper, specifically setup.js. This script intelligently branches its attack path based on the detected operating system. The C2 communication is orchestrated to receive platform-appropriate payloads from a single endpoint. Each platform sends a distinct POST body to the same C2 URL – packages.npm.org/product0 for macOS, packages.npm.org/product1 for Windows, and packages.npm.org/product2 for Linux. This streamlined approach allows the C2 server to efficiently serve the correct second-stage binary for the identified operating system.

For macOS systems, the downloaded second-stage binary is a C++-based RAT. This sophisticated malware performs system fingerprinting upon installation and then establishes a persistent communication channel with a remote server, beaconing every 60 seconds to retrieve commands. Its capabilities include running additional payloads, executing arbitrary shell commands, enumerating the file system, and even terminating its own process. This broad range of functionalities grants attackers significant control over compromised macOS systems.

SafeDep’s analysis of the Linux RAT revealed a similar command set to its macOS counterpart. Interestingly, the initial analysis indicated an absence of a persistence mechanism, meaning the malware might not survive across system reboots. This observation suggests two primary attack objectives: either the attackers aim for rapid data exfiltration during an active session, or they intend to leverage the RAT’s ability to execute binaries and shell commands to deploy a more persistent mechanism post-initial compromise. The latter scenario is particularly concerning, as it would allow the attackers to embed themselves deeply within compromised systems, maintaining long-term access.

A Calculated and Stealthy Operation: The Attack Timeline

The incident was characterized by its methodical planning and swift execution, as highlighted by Ashish Kurmi: "This was not opportunistic… The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct." This statement underscores the professional nature of the threat actor and the deliberate effort to maximize impact while minimizing detection.

The timeline of the attack, as reconstructed by security researchers, indicates a carefully coordinated effort:

  • Initial Staging: Approximately 18 hours prior to the malicious package publication, the plain-crypto-js dependency, along with its multi-platform payloads, was prepared and staged. This pre-computation ensured that the attack could be deployed rapidly once the npm credentials were compromised.
  • Credential Compromise: At an undisclosed time prior to the package release, the npm account of "jasonsaayman," a primary Axios maintainer, was compromised. This involved changing the registered email address to a Proton Mail address under the attacker’s control ("[email protected]"). This crucial step provided the attackers with the necessary authorization to publish new versions.
  • Malicious Package Publication: Within a tight window of 39 minutes, both the 1.14.1 and 0.30.4 versions of Axios were published to the npm registry. These versions included the injected plain-crypto-js@4.2.1 dependency. The plain-crypto-js package itself was published by an npm user named "nrwise" with the email address "[email protected]," suggesting a coordinated effort potentially involving multiple compromised or attacker-controlled accounts.
  • Malware Execution and Evasion: Upon installation of the compromised Axios versions, the postinstall script within plain-crypto-js was automatically triggered. This script deployed the cross-platform RAT, established C2 communication, and delivered the second-stage payloads. Critically, the malware then executed a sophisticated cleanup routine to cover its tracks.

This cleanup involved three distinct forensic evasion steps:

  1. Removing the postinstall script from the installed package directory.
  2. Deleting the package.json file that referenced the postinstall hook.
  3. Renaming a file named package.md to package.json.

The package.md file, notably included within plain-crypto-js, was a clean package.json manifest that did not contain the postinstall hook responsible for launching the dropper. By swapping the package manifests, the attackers intended to thwart any post-infection inspection of the package directory that might flag the malicious postinstall script. This level of obfuscation and forensic cleanup demonstrates a high degree of attacker sophistication and a clear intent for stealth and persistence.

The Broader Landscape of Supply Chain Attacks

This Axios incident is not an isolated event but rather a stark reminder of the growing threat of software supply chain attacks. In recent years, there has been a significant surge in attacks targeting open-source software ecosystems, from major incidents like SolarWinds to numerous smaller but impactful compromises of widely used libraries. Attackers increasingly recognize that compromising a popular library or a developer’s credentials can provide a pathway into thousands, if not millions, of downstream applications and systems.

The npm registry, as the world’s largest software registry, is a prime target due to its central role in the JavaScript ecosystem. While npm and its parent company, GitHub, continuously implement security measures, the sheer volume of packages and the distributed nature of open-source development present inherent challenges. This attack highlights a critical vector: the compromise of maintainer credentials, which can effectively bypass many technical safeguards.

Immediate Actions and Remediation

Upon detection, swift action was taken. The malicious Axios versions (1.14.1 and 0.30.4), along with the plain-crypto-js package, were promptly removed from the npm registry, preventing further downloads of the poisoned code.

For users who may have installed these compromised versions, immediate and decisive actions are imperative:

  • Downgrade Immediately: Users must downgrade their Axios installation to a safe version, specifically 1.14.0 or 0.30.3, or any version confirmed to be free of the malicious dependency.
  • Rotate Secrets and Credentials: Due to the nature of the RAT and its potential for arbitrary code execution and data exfiltration, all secrets, API keys, and credentials that were accessible from systems where the compromised Axios versions were installed must be rotated with immediate effect. This includes developer credentials, cloud provider API keys, database access credentials, and any other sensitive information.
  • Perform Comprehensive Security Scans: Affected systems should undergo thorough security scans to identify any remnants of the RAT or any other malicious components that may have been deployed.
  • Review Logs: System and application logs should be meticulously reviewed for any suspicious activity, unauthorized network connections, or unusual process executions that might indicate compromise.

To assist in identifying potential compromise, security researchers recommend performing specific checks:

  • Inspect the package.json file in the installed Axios package for the presence of plain-crypto-js.
  • Check the node_modules/axios/node_modules directory for the plain-crypto-js folder.
  • Search for suspicious network connections originating from systems where the affected versions were installed.
  • Look for the execution of the setup.js script or any unusual binaries.

Tracing the Attackers and Related Campaigns

Further investigations by Socket, another supply chain security company, uncovered additional packages distributing the same malware through similar vendored dependency tactics. These included:

  • @shadanai/openclaw
  • @qqbrowser/[email protected]

In the case of @shadanai/openclaw, the package directly bundled the malicious plain-crypto-js payload within its node_modules structure, for example, at @shadanai/openclaw/files/2026.3.31-1/dist/extensions/slack/node_modules/plain-crypto-js/setup.js. This method bypasses the need for npm install plain-crypto-js as a separate step, making it a "vendored" dependency that is already present.

Even more insidious, @qqbrowser/[email protected] shipped a tampered version of [email protected] directly within its node_modules/ folder, with plain-crypto-js already injected as a dependency. As Socket noted, "The real axios has only three dependencies (follow-redirects, form-data, proxy-from-env). The addition of plain-crypto-js is unambiguous tampering." When npm processes such a vendored Axios, it still triggers the malicious postinstall script within the pre-installed plain-crypto-js, perpetuating the same attack chain. This discovery indicates a potentially broader campaign leveraging this specific malware, using various distribution methods to maximize reach.

Implications for Developers and Enterprises

The Axios incident sends a strong message to the entire software development community. For individual developers, it highlights the inherent risks of relying on external dependencies without robust verification. For enterprises, which often integrate hundreds or thousands of open-source components into their products and internal systems, such an attack poses a significant business continuity and data security risk. A compromised HTTP client like Axios could potentially allow attackers to intercept sensitive data, inject malicious code into web applications, or gain a foothold within internal networks.

The subtlety of the attack, where no malicious code was directly injected into the Axios source files themselves but rather through a transitive dependency and a compromised maintainer account, makes traditional code review processes less effective. This emphasizes the need for advanced supply chain security tools that can analyze dependency trees, detect suspicious postinstall scripts, and verify the integrity of package maintainers.

Strengthening Software Supply Chain Security

This incident serves as a critical call to action for strengthening software supply chain security. Key measures and best practices include:

  • Multi-Factor Authentication (MFA): Enforcing MFA for all npm accounts, especially for maintainers of popular packages, is paramount to prevent credential compromise.
  • Dependency Auditing and Scanning: Regular and automated scanning of all dependencies for known vulnerabilities and suspicious behavior is crucial. Tools that can analyze postinstall scripts and identify unusual network connections initiated by packages are becoming indispensable.
  • Least Privilege: Ensuring that build systems and CI/CD pipelines operate with the principle of least privilege, limiting their access to only what is strictly necessary.
  • Code Signing and Verification: Implementing robust code signing and verification mechanisms for published packages can help ensure their authenticity and integrity.
  • Supply Chain Security Platforms: Adopting specialized supply chain security platforms that monitor dependencies, detect anomalies, and provide real-time alerts.
  • Developer Education: Educating developers about the risks of supply chain attacks, secure coding practices, and the importance of verifying package origins and integrity.
  • Incident Response Planning: Having a clear incident response plan in place for supply chain compromises, including communication protocols, remediation steps, and forensic analysis procedures.

The Axios supply chain attack is a potent reminder that the security of modern software extends far beyond the perimeter of an organization’s own code. It encompasses every component, every library, and every dependency imported into a project. As the digital landscape continues to evolve, so too must the strategies employed to safeguard the integrity of the software that powers our world. Vigilance, robust security practices, and collaborative efforts across the open-source community are essential to mitigate these pervasive and sophisticated threats.
