Attack on axios in npm: how one compromised account put millions of JavaScript projects at risk

A serious incident in the JavaScript ecosystem highlights the growing danger of open source and supply chain attacks. StepSecurity researchers reported the compromise of axios, one of the most popular HTTP libraries in npm. The attacker gained access to an account of one of the leading project maintainers and published two malicious versions of the package: [email protected] and [email protected].

At first glance, this looks like a regular dependency update. But in reality, installing these versions could lead to a system infection with a remote access trojan.

What happened

According to researchers, the attack was not related to a hack of the GitHub repository itself or bypassing the standard CI/CD via GitHub Actions. The scenario was simpler and more dangerous: the attacker compromised the maintainer's account, changed the linked email to ProtonMail, and manually published the infected builds through npm CLI.

That’s why the usual publishing defense mechanisms essentially failed. If an attacker has maintainer rights, they can deliver malicious code as though it were a regular release from a trusted project participant.

Why it’s dangerous

The main issue is that axios is a widely used dependency. It is used not only in user projects but also in internal services, backend applications, automation scripts, and CI/CD pipelines.

This means the malicious version could have spread to:

  • developer workstations;

  • build servers;

  • test and production pipelines;

  • infrastructure where tokens, keys, and other secrets are stored.

If the infected package was installed in CI, the consequences could be especially severe: leakage of environment variables, access tokens to GitHub, npm, clouds, Docker Registry, and other internal systems.

How the malware was embedded

The infected versions of axios included a dependency [email protected]. Notably, this library was not actually needed by axios itself and was not used for its intended purpose. Its task was different — to run a postinstall script after the package was installed.

This script acts as a dropper for the malicious payload. After installation, it connects to the command-and-control server sfrclak.com (142.11.206.73) and begins downloading the second stage of the script depending on the operating system.

Three platforms were immediately affected:

  • macOS

  • Windows

  • Linux

What the Trojan does

After launch, the malicious code not only loads the payload but also attempts to hide its presence. According to researchers, it deletes traces of its activity and replaces the package.json with a clean version to complicate analysis and the search for the source of the leak.

Later, Socket AI confirmed that plain-crypto-js is an obfuscated dropper and loader using fairly advanced obfuscation techniques:

  • code deobfuscation only during execution;

  • dynamic loading of modules like fs, os, and execSync;

  • executing shell commands on the host;

  • placing files in temporary directories and in ProgramData on Windows;

  • deleting or renaming its own artifacts after launch.

In other words, this was not a “broken package” but a fully-fledged malicious delivery mechanism.

Indicators of Compromise

Researchers recommend paying attention to the following signs:

Packages:

Network activity:

  • sfrclak.com

  • 142.11.206.73

Files on hosts:

  • macOS: /Library/Caches/com.apple.act.mond

  • Windows: %PROGRAMDATA%\wt.exe

  • Linux: /tmp/ld.py

If one of these versions of axios was installed, the system should be considered potentially compromised.

What to do right now

The minimal set of actions looks like this:

  • check whether [email protected] or [email protected] was used;

  • roll back to safe versions: [email protected] or [email protected];

  • check lock files, build history, and installation logs;

  • look for outgoing connections to sfrclak.com and 142.11.206.73;

  • scan machines for known indicator files;

  • rotate tokens, API keys, passwords, and other secrets if the compromised version was installed even once.

For CI/CD, it is also recommended to use a flag during installation:

npm install --ignore-scripts

This is not a universal protection, but it helps block the execution of malicious postinstall scripts in the build environment.

Conclusion

The issue with axios is important not only because one of the most popular JavaScript libraries was compromised. This incident highlights a broader issue: even if an open-source project has normal pipelines and basic security measures, the compromise of a maintainer’s account can bypass these mechanisms and turn a regular dependency update into a channel for delivering malicious code.

The danger here is not limited to just the users of the library itself. Since axios is used in a huge number of applications, internal services, automation tools, and CI/CD environments, such a publication potentially affects thousands of projects and companies. Essentially, this is not just an attack on a specific package, but on the entire trust model within the npm ecosystem.

That is why, if at least theoretically [email protected] or [email protected] could have appeared in your infrastructure, you should treat the situation as a full-fledged cybersecurity incident. Simply rolling back the version is not enough: systems, network activity, infection artifacts, and all secrets that potentially compromised machines might have accessed need to be checked. In the case of supply chain attacks, the main risk is not just the malicious package itself, but how deep it can get into the trusted development environment.

A UFO came and left a promo code for our blog readers:

Comments

    Also read