Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios Supply Chain Attack: Cross-Platform RAT Injected via npm Dependency Poisoning

For General Readers (Journalistic Brief)

A significant security breach has been uncovered within the world of open-source software development, impacting a widely used tool called Axios. Axios is a popular JavaScript library that helps developers make requests to web servers, a fundamental task in building modern applications.

In this incident, malicious actors exploited a clever tactic known as a "supply chain attack." Instead of directly attacking Axios, they compromised a less prominent, but critical, component that Axios relies on. By gaining unauthorized access to an administrator account for the npm package registry – the central repository for JavaScript code – the attackers were able to inject a malicious piece of software, a type of Remote Access Trojan (RAT), into a dependency called plain-crypto-js.

When developers installed or updated Axios, this malicious code was automatically pulled in and executed. This RAT is designed to be stealthy and can operate on Windows, macOS, and Linux systems, potentially giving attackers control over infected machines. This event underscores the inherent risks in using shared software components and highlights the urgent need for enhanced security measures throughout the software development lifecycle.

Technical Deep-Dive

1. Executive Summary

A critical supply chain compromise has been identified, impacting specific versions of the widely adopted JavaScript HTTP client, Axios. Threat actors successfully injected a cross-platform Remote Access Trojan (RAT) into the Axios ecosystem by compromising an npm maintainer account and leveraging a transitive dependency. The malicious payload was delivered indirectly via plain-crypto-js version 4.2.1, exploiting the postinstall script hook. The RAT is engineered for stealth, incorporating self-deletion mechanisms and package.json manipulation to evade detection and hinder forensic analysis. The attack vector affects Windows, macOS, and Linux systems, underscoring the severe risks associated with compromised software supply chains. The precise method by which the npm maintainer account was compromised remains unconfirmed.

CVSS Score: Not publicly disclosed.
Affected Products: Axios versions 1.14.1 and 0.30.4.
Severity Classification: Critical (due to the nature of supply chain compromise, potential for remote code execution, broad cross-platform impact, and difficulty in detection/remediation).

2. Technical Vulnerability Analysis

CVE ID and Details: Not publicly disclosed. This incident is classified as a supply chain compromise, not a specific CVE-assigned vulnerability within the Axios codebase itself. The attack vector exploits the trust model of the npm ecosystem and package installation lifecycle.
Root Cause (Code-Level): The fundamental cause is not a programming flaw within Axios but rather the compromise of an npm maintainer's credentials and the subsequent abuse of the npm package installation lifecycle. Specifically, the postinstall script hook within a malicious version of a transitive dependency (plain-crypto-js v4.2.1) was leveraged. This script is designed to execute arbitrary code upon package installation, thereby enabling the threat actor to inject and execute their payload.
- CWE Classification:
  - CWE-1194: Use of a Vulnerable Third-Party Component (The compromised dependency facilitated the attack).
  - CWE-269: Improper Privilege Management (Potential for the RAT to exploit elevated privileges on the build system or endpoint).
  - CWE-426: Untrusted Search Path (If the RAT relied on manipulating system paths for execution).
  - CWE-502: Deserialization of Untrusted Data (Potentially used by the RAT for C2 communication or payload processing).
  - CWE-798: Use of Hard-coded Credentials (If the RAT's C2 configuration was hardcoded).
  - CWE-20: Improper Input Validation (If the RAT processed external inputs insecurely).
Affected Components:
- Axios: Versions 1.14.1 and 0.30.4.
- plain-crypto-js: Version 4.2.1 (identified as the direct vector for malicious code injection).
- npm Ecosystem: The entire npm package registry is implicitly at risk due to the potential for similar compromises and the inherent trust placed in published packages.
Attack Surface:
- npm Package Registry: The primary attack surface, serving as the distribution platform for the compromised packages.
- Build Systems/CI/CD Pipelines: Environments executing npm install, especially those with automated dependency fetching and potentially elevated privileges.
- Developer Workstations: Machines where developers execute npm install for local development, introducing the risk to development environments.
- Transitive Dependencies: The indirect mechanism of propagation, making direct attribution to the primary package (Axios) challenging without deep dependency tree analysis.

3. Exploitation Analysis (Red-Team Focus)

Red-Team Exploitation Steps:
1. Prerequisites:
  - Compromised npm Maintainer Account: Gaining privileged access to an npm account with publishing capabilities.
  - Dependency Chain Knowledge: Understanding the dependency graph of popular packages like Axios.
  - Cross-Platform RAT Development: Creation of a RAT payload capable of executing on Windows, macOS, and Linux.
  - Vulnerable Transitive Dependency: Identification or creation of a specific version of a dependency (plain-crypto-js v4.2.1) to host the malicious postinstall script.
  - Command and Control (C2) Infrastructure: Establishment of C2 servers, potentially spoofing legitimate npm domains for reconnaissance evasion.
2. Access Requirements:
  - Initial Compromise: Secure an npm maintainer account through methods such as credential stuffing, phishing, password spraying, or exploitation of npm's account management vulnerabilities.
  - Package Publishing: Utilize the compromised account to publish a malicious version of plain-crypto-js (v4.2.1) containing the postinstall script.
  - Dependency Poisoning: Ensure this malicious dependency is incorporated into Axios (v1.14.1, v0.30.4) via dependency updates, or wait for downstream projects to update their dependencies.
3. Exploitation Steps:
  - A developer or CI/CD pipeline executes npm install for a project dependent on Axios v1.14.1 or v0.30.4.
  - The npm client resolves the dependency tree, fetching plain-crypto-js v4.2.1.
  - During the installation of plain-crypto-js, the postinstall script is automatically invoked.
  - The postinstall script (JavaScript, executed by Node.js) performs the following:
    - Obfuscation/Evasion: Employs techniques to conceal its malicious intent.
    - Payload Delivery: Downloads the actual RAT executable or script from the attacker's C2 infrastructure (e.g., /product0, /product1, /product2 endpoints on spoofed packages.npm.org).
    - Execution: Spawns a new process to execute the downloaded RAT payload, typically using Node.js APIs like child_process.exec.
    - Self-Deletion/Cleanup: Attempts to remove traces of its execution, including the downloaded payload and potentially modifying package.json to remove the postinstall entry or the malicious dependency itself.
4. Payload Delivery: The RAT payload is retrieved from the attacker-controlled C2 infrastructure. The exact format (e.g., PE executable, ELF binary, shell script) is not specified but must be cross-platform.
5. Post-Exploitation:
  - RAT Execution & C2: The RAT establishes a persistent or semi-persistent connection to the C2 server.
  - Reconnaissance: Gathers system information (OS, architecture, user context, network configuration, running processes).
  - File System Operations: Enumerates files/directories, potentially exfiltrates sensitive data.
  - Command Execution: Enables remote attackers to execute arbitrary commands on the compromised system.
  - Evasion: Continues to employ stealth techniques, such as process injection, fileless execution, or masquerading.
Public PoCs and Exploits: No specific public PoCs or exploit modules are referenced in the provided text. The general technique of postinstall script abuse for supply chain attacks is a known methodology. Red teams can simulate this by constructing a mock npm registry and a malicious package.
Exploitation Prerequisites:
- Network Connectivity: The compromised system must be able to establish outbound connections to the attacker's C2 infrastructure.
- Node.js Runtime: A functional Node.js environment must be present for npm install and postinstall scripts to execute.
- Vulnerable Dependency Version: The project must utilize Axios v1.14.1 or v0.30.4, which transitively pulls in plain-crypto-js v4.2.1.
- Absence of Security Controls: Lack of robust dependency scanning, postinstall script analysis, or egress filtering.
Automation Potential: High. The exploitation is automated by the npm install process once the malicious package is published and adopted. The RAT itself is designed for automated remote control. This attack vector is highly suitable for worm-like propagation if the RAT includes self-propagation capabilities.
Attacker Privilege Requirements:
- Initial Access: Requires elevated privileges within the npm ecosystem (maintainer account).
- Execution on Target: The postinstall script executes with the privileges of the user running npm install. This can range from a low-privileged developer user to a root/administrator user on misconfigured build systems.
Worst-Case Scenario:
- Confidentiality: Unauthorized access and exfiltration of sensitive source code, intellectual property, user credentials, and any data processed by applications built using the compromised libraries.
- Integrity: Malicious modification of application logic, data corruption, or introduction of persistent backdoors.
- Availability: Disruption of build pipelines, deployment failures, or complete system compromise leading to denial of service. In a widespread scenario, this could impact critical infrastructure or large-scale software deployments.

4. Vulnerability Detection (SOC/Defensive Focus)

How to Detect if Vulnerable:
- Dependency Audit:
  - Execute npm audit to check for known vulnerabilities. Note that this specific incident might not have an immediate npm audit entry.
  - Manually inspect package.json and package-lock.json for the presence of plain-crypto-js version 4.2.1.
  - Utilize npm ls to traverse the dependency tree and identify all installed versions.
- Configuration Artifacts: The presence of plain-crypto-js version 4.2.1 in package-lock.json or the node_modules directory is a strong indicator of potential vulnerability.
- Proof-of-Concept Detection Tests (Safe):
  - Simulated npm install: In an isolated, air-gapped environment, create a minimal package.json dependent on Axios v1.14.1 or v0.30.4. Monitor network traffic and file system changes during npm install.
  - Dependency Scanner Simulation: Scan a project with the vulnerable dependencies using tools like OWASP Dependency-Check or Snyk to observe their findings.
Indicators of Compromise (IOCs):
- File Hashes: Unknown hashes for files appearing in node_modules or temporary directories during npm install.
- Network Indicators:
  - Outbound connections to unusual domains or IPs, especially those mimicking packages.npm.org or containing /product[0-9] paths.
  - Connections to IP addresses associated with known malicious infrastructure.
  - Unusual User-Agent strings in HTTP requests originating from build agents or developer machines.
- Process Behavior Patterns:
  - node or npm processes spawning unexpected child processes (e.g., powershell.exe, bash, python scripts).
  - Processes attempting to delete their own files or other files within the node_modules directory or system temporary directories.
  - Execution of scripts from unusual locations (e.g., within node_modules subdirectories).
  - Unusual network activity from node or npm processes.
- Registry/Config Changes: (Less likely for initial infection, but possible for RAT persistence)
  - Creation of new registry keys for persistence (e.g., Run keys).
  - Modification of system configuration files.
- Log Signatures:
  - npm logs indicating the installation of plain-crypto-js v4.2.1.
  - System logs (e.g., Sysmon) showing suspicious process creation (node spawning powershell, bash, etc.).
  - Firewall logs showing unexpected outbound connections from build servers or developer machines.
  - DNS logs showing queries for spoofed packages.npm.org domains.

SIEM Detection Queries:

KQL (Azure Sentinel / Microsoft Defender for Endpoint):

DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName =~ "node.exe" or FileName =~ "npm.cmd" or FileName =~ "npm.exe"
| where ProcessCommandLine has "install"
| mv-expand ChildProcesses = parse_json(InitiatingProcessCommandLine) // Note: This syntax might need adjustment based on actual schema for child process command lines. Assuming a structure where child process info is available.
| where ChildProcesses has "powershell.exe" or ChildProcesses has "bash" or ChildProcesses has "python.exe"
| project Timestamp, DeviceName, FileName, ProcessCommandLine, InitiatingProcessCommandLine, ChildProcesses

Log Sources: DeviceProcessEvents (Microsoft Defender for Endpoint), WindowsEventLogs (Security, Sysmon - Event ID 1).

SPL (Splunk):

index=* (sourcetype=npm:install OR sourcetype=sysmon:eventid=1 OR sourcetype=windows:security)
(process_name="node.exe" OR process_name="npm.cmd" OR process_name="npm.exe")
(command_line="*install*" OR command_line="*postinstall*")
(child_process_name="powershell.exe" OR child_process_name="bash" OR child_process_name="python.exe")
| stats count by _time, host, process_name, command_line, child_process_name

Log Sources: npm logs, Sysmon (Event ID 1 - Process Creation), Windows Security Event Logs (Event ID 4688 - Process Creation).

Sigma Rule (Conceptual):

title: Suspicious Node.js Post-Install Script Execution
id: 1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d
status: experimental
description: Detects suspicious process execution originating from Node.js post-install scripts, potentially indicating a supply chain attack.
author: Your Name
date: 2026/03/31
references:
  - https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
logsource:
  category: process_creation
  product:
    - windows
    - linux
    - macos
detection:
  selection_npm:
    Image|endswith:
      - 'node.exe'
      - 'npm.cmd'
      - 'npm.exe'
  selection_command:
    CommandLine|contains:
      - 'install'
      - 'postinstall'
  selection_child_process:
    ParentImage|endswith: # This would map to Image field in Splunk/KQL, needs Sigma mapping
      - 'node.exe'
      - 'npm.cmd'
      - 'npm.exe'
    Image|endswith:
      - 'powershell.exe'
      - 'bash'
      - 'python.exe'
  condition: selection_npm and selection_command and selection_child_process
falsepositives:
  - Legitimate package installations with complex post-install scripts.
level: high
tags:
  - attack.execution
  - attack.t1059
  - supply_chain

Log Sources: Sysmon (Event ID 1), Auditd (Linux), macOS Unified Logging.

Behavioral Indicators:
- Post-Installation Anomalies: Unexpected file creation, modification, or deletion within the node_modules directory or system temp folders immediately after npm install.
- Process Chaining: npm or node processes spawning shells (cmd.exe, bash), scripting interpreters (powershell.exe, python.exe), or other executables without clear justification.
- Network Egress: Unsolicited outbound network connections from build agents or developer machines, particularly during or shortly after dependency installation.
- Self-Modification/Deletion: Processes attempting to delete their own executables or script files.
- System Information Gathering: Execution of commands or scripts that enumerate system details, network configurations, or user privileges.

5. Mitigation & Remediation (Blue-Team Focus)

Official Patch Information: No direct patch for Axios addresses this specific supply chain compromise. Mitigation involves removing the vulnerable dependency and implementing secure dependency management practices.
- Fix: Remove plain-crypto-js v4.2.1 and any direct or transitive dependencies that pull it in. Update Axios to a version that does not rely on the malicious dependency.
- Affected Versions: Axios 1.14.1, Axios 0.30.4.
- Fixed Versions: Not applicable as it's a supply chain issue. The remediation is to avoid the compromised dependency.
Workarounds & Temporary Fixes:
- Dependency Pinning: Strictly pin all direct and transitive dependencies in package-lock.json or yarn.lock to known good versions. Regularly audit these lock files.
- Disable postinstall Scripts: Configure npm or your CI/CD system to disallow or quarantine postinstall scripts from untrusted sources. This is a significant configuration change and may break legitimate workflows.
- Dependency Scanning: Implement automated dependency scanning tools (e.g., Snyk, Dependabot, OWASP Dependency-Check) in CI/CD pipelines to flag known vulnerable or malicious packages.
- Network Egress Filtering: Implement strict firewall rules to permit outbound connections only to approved domains and IPs from build servers and developer machines. Block access to arbitrary external sites.
- WAF/IDS/IPS Signatures: Develop custom signatures to detect known malicious C2 patterns or suspicious npm install activity.
- Environment Segmentation: Isolate build environments and CI/CD pipelines from production networks. Utilize ephemeral build agents that are destroyed after each job.
Manual Remediation Steps (Non-Automated):
1. Identify Affected Projects:
  - Search codebase and dependency management files (package.json, package-lock.json) for plain-crypto-js version 4.2.1.
  - Use npm ls plain-crypto-js to check the installed version in the node_modules directory.
2. Remove Malicious Dependency:
  - If plain-crypto-js v4.2.1 is found, remove it:
    - npm uninstall plain-crypto-js
    - Update Axios to a version that does not transitively include it.
    - Manually edit package-lock.json to remove the entry and then run npm install --force (use with extreme caution).
3. Rebuild and Redeploy: After dependency cleanup, rebuild the application and redeploy.
4. Scan for Persistence: If systems were potentially compromised, perform thorough endpoint scans for lingering malicious artifacts or persistence mechanisms.
5. Review npm Account Security: If managing npm packages, immediately review and strengthen the security of all npm accounts, enabling MFA and revoking suspicious sessions.
Example PowerShell Command to Check for Vulnerable Dependency:
```
# Navigate to your project directory first
npm ls plain-crypto-js --depth=10 | Select-String "4.2.1"
```
Example Bash Command to Check for Vulnerable Dependency:
```
# Navigate to your project directory first
npm ls plain-crypto-js --depth=10 | grep "4.2.1"
```
Risk Assessment During Remediation:
- Temporary Instability: Removing or updating dependencies may introduce regressions or break functionality if not thoroughly tested.
- Incomplete Removal: If the RAT has established persistence or performed malicious actions, simply removing the dependency will not undo the damage.
- Re-infection: Without addressing the root cause (e.g., compromised build environment, lack of scanning), the project could be reinfected by future malicious packages.
- Detection Blind Spots: If detection mechanisms are not robust, the initial compromise might go unnoticed, leaving systems vulnerable for an extended period.

6. Supply-Chain & Environment-Specific Impact

CI/CD Impact: High. CI/CD pipelines are prime targets due to automated npm install and potential elevated privileges. Compromise can lead to widespread distribution of malicious software. Build artifacts generated from compromised pipelines will be inherently untrusted.
Container/Kubernetes Impact: High. If container images are built using vulnerable Axios versions or its dependencies, the resulting images will be compromised. Container isolation (e.g., Docker's process isolation) will not prevent the RAT from executing within the container if the postinstall script runs. Kubernetes security relies on secure base images and build processes; compromised builds lead to compromised deployments.
Supply-Chain Implications: Severe. This incident exemplifies a classic supply chain attack, highlighting the reliance on trust within the open-source ecosystem. Dependency management tools and practices are directly impacted, necessitating more rigorous verification and security controls for all third-party code.

7. Advanced Technical Analysis

Exploitation Workflow (Detailed):
1. Maintainer Account Compromise: Threat actor gains credentials for an npm maintainer account (e.g., via phishing, credential stuffing).
2. Malicious Package Creation: Actor creates a new version of plain-crypto-js (v4.2.1) containing a malicious postinstall script. This script is designed to download and execute a cross-platform RAT.
3. Publishing Malicious Package: Actor publishes plain-crypto-js v4.2.1 to the npm registry using the compromised account.
4. Dependency Update/Adoption: Axios (v1.14.1 or v0.30.4) is updated to depend on plain-crypto-js v4.2.1, or a downstream project using Axios is updated and pulls in this version.
5. Victim npm install: A developer or CI/CD system runs npm install for a project dependent on the compromised Axios versions.
6. postinstall Execution: npm fetches plain-crypto-js v4.2.1. The postinstall script within this package executes.
7. RAT Download & Execution: The postinstall script contacts the attacker's C2 infrastructure (e.g., spoofed-packages.npm.org/product0) to download the RAT payload. The script then executes this payload using Node.js's child_process module.
8. RAT C2 Communication: The RAT establishes a connection to the C2 server, awaiting commands.
9. Evasion & Persistence: The RAT attempts to delete its installation artifacts and potentially establish persistence on the host.
Code-Level Weakness: The "weakness" is not in Axios's code but in the trust model of the npm ecosystem and the execution of arbitrary code via postinstall scripts. The postinstall script would likely contain JavaScript code leveraging Node.js APIs such as:
- require('child_process').exec() or require('child_process').execFile() to run downloaded binaries or scripts.
- require('http').get() or require('https').get() to download the RAT payload from the C2.
- require('fs').unlink() or require('fs').rm() to delete files.
- Potentially require('package.json') manipulation to alter project metadata.
Related CVEs & Chaining:
- Similar Vulnerabilities: This incident is part of a broader trend of supply chain attacks targeting package managers (npm, PyPI, Maven). Examples include Log4Shell (CVE-2021-44228), which demonstrated the widespread impact of compromised dependencies. Other npm-specific attacks have involved malicious packages with similar postinstall abuse.
- Chaining: While not explicitly chained with other CVEs in this report, a sophisticated attacker could chain this initial compromise with other vulnerabilities on the target system to escalate privileges or achieve further objectives. For instance, if the RAT runs with low privileges, it could then exploit a local privilege escalation vulnerability.
Bypass Techniques:
- WAF/IDS/IPS: The initial postinstall script might be obfuscated or use base64 encoding to evade signature-based detection. C2 traffic might mimic legitimate HTTPS traffic, making it harder for network security devices to identify.
- EDR: The RAT would likely employ EDR evasion techniques:
  - Process Hollowing/Injection: Injecting its code into legitimate running processes.
  - Fileless Execution: Running entirely in memory without writing executables to disk.
  - Masquerading: Naming its processes or files to resemble legitimate system components.
  - Anti-Debugging/Anti-VM: Detecting analysis in a sandbox or debugger.
- Sandboxing: Sophisticated RATs can detect sandboxed environments and alter their behavior or remain dormant. The self-deletion mechanism is a direct countermeasure to sandbox analysis.

8. Practical Lab Testing

Safe Testing Environment Requirements:
- Isolated Network: A completely air-gapped or highly segmented network environment.
- Virtual Machines (VMs): Dedicated VMs, not connected to production or sensitive networks.
- Disposable Build Agents: Ephemeral build agents destroyed after each test run for CI/CD integration testing.
- Mock npm Registry: A local, mock npm registry (e.g., Verdaccio) to control package versions and simulate malicious package distribution.
- Controlled Test Project: A minimal Node.js project with a package.json explicitly depending on the vulnerable Axios versions.
How to Safely Test:
1. Set up Mock Registry: Configure Verdaccio or a similar tool to serve specific versions of plain-crypto-js and Axios.
2. Create Malicious Package (Simulated): Create a plain-crypto-js v4.2.1 package with a postinstall script that logs to a file instead of downloading a real payload. This script should simulate RAT actions (e.g., creating a dummy file, attempting self-deletion).
3. Configure Test Project: Create a package.json dependent on Axios v1.14.1 or v0.30.4, which in turn depends on your mock plain-crypto-js v4.2.1.
4. Run npm install in Isolation: Execute npm install within the isolated VM, pointing to your mock registry.
5. Monitor System Activity: Use tools like strace (Linux), Process Monitor (Windows), or Sysmon to observe file system changes, process creation, and network connections during npm install.
6. Analyze Logs: Review logs from the postinstall script and system monitoring tools.
7. Test Detection Rules: Deploy SIEM detection rules and verify they trigger on simulated malicious activity.
8. Test Mitigation: After simulating the attack, apply proposed mitigations (e.g., dependency pinning, disabling scripts) and re-run npm install to confirm prevention of malicious execution.
Test Metrics:
- Successful Detection: Percentage of simulated attacks detected by SIEM rules.
- Successful Mitigation: Percentage of simulated attacks prevented by implemented mitigations.
- Time to Detect: Average time for detection rules to alert after simulated attack initiation.
- Time to Remediate: Average time to identify and remove the vulnerable dependency in a test environment.
- IOC Correlation: Ability to correlate observed activity with defined IOCs.

9. Geopolitical & Attribution Context

State-Sponsored Involvement: No public evidence or attribution of state-sponsored involvement is provided in the source material.
Targeted Sectors: The source material does not specify targeted sectors beyond the broad impact on any organization using the affected Axios versions. Supply chain attacks are often used to gain initial access to a wide range of targets for later exploitation or espionage.
Attribution Confidence: Currently unconfirmed. The method of npm account compromise is unknown.
Campaign Context: This incident appears to be a standalone supply chain compromise focused on distributing a RAT. It is not explicitly linked to any known APT campaigns based on the provided information.
If unknown: Attribution currently unconfirmed. The method of npm maintainer account compromise is not publicly disclosed.

10. References & Sources

The Hacker News: https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
StepSecurity (Analysis provider)
SafeDep (Analysis provider)
npm Documentation (for postinstall scripts and package management)
OWASP Top 10 (for general vulnerability context)
MITRE ATT&CK Framework (for TTP mapping)