Technology | March 31, 2026 | 4 min read

Axios NPM Package Compromised in Precision Attack

The Axios NPM package, a widely used JavaScript HTTP client library, was compromised in a sophisticated supply chain attack, potentially linked to North Korean threat actors.

The Axios JavaScript NPM package, known for its prominence as a JavaScript HTTP client library, faced a significant compromise this week, which may implicate North Korean threat actors.

Alexander Culafi

March 31, 2026
The recent breach of the Axios NPM package marks one of the most impactful supply chain attacks observed within the open-source development community in recent months.

Axios is the leading JavaScript HTTP client library, with more than 400 million downloads each month via NPM. Security vendor StepSecurity identified and documented the publication of two malicious versions of axios to NPM.

In its blog post on the incident, StepSecurity reported that these versions introduced a malicious dependency, plain-crypto-js, which masquerades as the legitimate crypto-js library. The package runs an install-time script that drops a remote-access Trojan (RAT) capable of operating on Windows, Linux, and macOS. The attack began with the compromise of the lead maintainer's account, "jasonsaayman."

"The dropper contacts a live command-and-control server and delivers platform-specific, second-stage payloads. Following execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection," stated StepSecurity's blog. "There are zero lines of malicious code inside axios itself, and that's exactly what makes this attack so dangerous."

The malicious versions were available for only a few hours (approximately three hours for each of the two axios versions) before NPM removed them along with the other artifacts of the campaign. Given Axios's reach and the window of exposure (one version of plain-crypto-js was publicly visible for over 21 hours before a security hold was applied, according to an Endor Labs blog), organizations are urged to check their environments for the indicators of compromise enumerated in the blog posts by StepSecurity, Endor Labs, and Socket.

Feross Aboukhadijeh, CEO of Socket, advised Dark Reading in an email that incidents of this nature necessitate immediate verification of dependencies by development teams within the JavaScript ecosystem.

What Do the Axios Attackers Want?

The attribution of this attack has been a point of contention. Initial reports linked the activity to TeamPCP, a threat group recognized for engaging in cloud-native threats, including ransomware activities. However, a recent statement from Google attributed the attack to the suspected North Korean threat actor UNC1069.

John Hultquist, chief analyst at Google Threat Intelligence Group, conveyed via email that while the full scope of the incident remains unclear, it is anticipated to have extensive ramifications. Notably, North Korea has a history of conducting similar operations, further heightening the severity of the situation.

Kurmi noted that the manner in which the RAT operates indicates the attackers may be engaged in access brokering or espionage rather than direct credential theft.

"The RAT's first action is device profiling (hostname, username, OS, processes, directory walk) before doing anything else — that's cataloging, not looting. A blunt infostealer grabs credentials and leaves; this one fingerprints the environment and waits for instructions, pointing to initial access brokerage or targeted espionage," he explained. "Axios is utilized within developer environments that contain source code, deployment keys, and cloud credentials, which would be of no value to a cryptominer. The 18-hour pre-staging, concurrent branch poisoning, and anti-forensics suggest an actor with prior experience."

If North Korea is indeed involved, Kurmi emphasized, that fundamentally changes the picture: UNC1069 is associated with North Korea's Lazarus Group, which works to fund the DPRK through cryptocurrency theft and the harvesting of credentials that grant access to wallets or fintech platforms. It would also mark the DPRK's first successful compromise of a top-10 npm package.

New Standard for Open Source Supply Chain Attack Sophistication

The open-source supply chain has encountered an array of significant threats in recent months, including Shai-hulud and GlassWorm. However, the attack on Axios stands out for several reasons. While many previous open-source supply chain attacks have employed opportunistic strategies and brute force techniques, the sophistication demonstrated in the Axios incident sets a concerning precedent.
