
Axios compromised on NPM – Malicious versions drop remote access trojan

Relevance score: 8.7 (technical depth 9, novelty 7, actionability 9, community 10, strategic 9, personal 9)

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Axios NPM compromise, critical supply chain attack affecting developer dependencies.

2026-03-31 | security | Hacker News (100+)
Summary

Poisoned releases of axios@1.14.1 and 0.30.4 injected a fake dependency, plain-crypto-js@4.2.1, whose postinstall script acts as a cross-platform RAT dropper contacting sfrclak.com:8000. The attack, staged 18 hours in advance with self-destructing payloads, was detected by StepSecurity Harden-Runner via anomalous outbound connections during CI runs in projects like Backstage.

Key Takeaway

Audit all dependencies for unexpected postinstall scripts and enforce network anomaly detection in CI/CD pipelines to catch similar covert RAT deployments.

Why it matters

This demonstrates a surgically precise supply chain attack on a critical JS/TS dependency, bypassing traditional code reviews and evading post-install forensic checks, directly threatening the integrity of your cloud-native and microservices architectures.