Axios Compromised on npm – Malicious Versions Drop Remote Access Trojan

The popular JavaScript HTTP client library, axios, was compromised on npm with malicious versions 1.14.1 and 0.30.4, injecting a hidden dependency, [email protected], which executes a postinstall script that drops a cross-platform remote access trojan (RAT). This sophisticated supply chain attack hijacked a maintainer's npm account to publish poisoned releases that contact a command-and-control server, deploy platform-specific payloads, self-delete to avoid detection, and were detected by StepSecurity’s tools, with remediation guidance provided.

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top