Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT

2026-03-31, Snyk
https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/
#Axios #NPM

Contents

March 30, 2026
On March 31, 2026, two malicious versions of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency that deployed a cross-platform remote access trojan (RAT) to any machine that ran npm install (or equivalent in other package managers like Bun) during a two-hour window.
The malicious versions (1.14.1 and 0.30.4) were removed from npm by 03:29 UTC. But in the window they were live, anyone whose CI/CD pipeline, developer environment, or build system pulled a fresh install could have been compromised without ever touching a line of Axios code.
TL;DR
Snyk Advisory | |
Affected versions | |
Root cause | Hijacked npm maintainer account |
Malicious dependency | |
Payload | Cross-platform RAT (macOS, Windows, Linux) |
C2 server | |
Published | |
Removed | 03:29 UTC (March 31, 2026) |
Safe …

IoC

http://sfrclak.com:8000
http://sfrclak.com
142.11.206.73