lazarusholic

Everyday is lazarus.dayβ

Compromised axios npm package delivers cross-platform RAT

2026-03-31, Datadog
https://securitylabs.datadoghq.com/articles/axios-npm-supply-chain-compromise/
#Axios #NPM

Contents

Key points and observations
- On March 31, 2026, an attacker hijacked an axios npm maintainer account and published two malicious releases: [email protected] and [email protected].
- These malicious releases add a trojanized dependency, plain-crypto-js (a typosquat of crypto-js), which downloads and executes a cross-platform RAT (remote access trojan) on install.
- The attack chain was effective for roughly 3 hours (00:21 to 03:25 UTC) before npm removed the compromised packages. Axios has over 3 million weekly downloads and 174,000 dependent npm packages.
- The legitimate [email protected] was published via GitHub Actions OIDC trusted publishing. The attacker published the malicious releases directly from the compromised account, bypassing CI/CD.
- The Windows and Linux RAT payloads both contain bugs that limit their effectiveness. The Linux payload crashes in containerized environments.

Note on TeamPCP: The TTPs in this compromise do not match the recent TeamPCP supply chain campaign that targeted Trivy, LiteLLM, Telnyx, and Checkmarx earlier in March 2026. We assess with reasonable confidence …
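Two offline checks that follow from the points above, written as an added example for this summary (not Datadog's tooling and not axios project code): the first walks a package-lock.json and flags the plain-crypto-js typosquat, anything that depends on it, tarballs resolved from the IoC hosts, and any package that carries an install script (the RAT runs on install); the second walks a registry packument and lists versions that have no provenance attestation, which is what separates the trusted-publishing release from one pushed straight from a maintainer account. The packument field layout `versions[v].dist.attestations.provenance` is assumed from npm's registry format; every sample object below is constructed, and the version strings are placeholders rather than the real affected versions.

```javascript
// Added example, not code from the Datadog write-up or the axios project.
// Assumption: packuments expose provenance under versions[v].dist.attestations.provenance.

const IOC_PACKAGE_NAMES = new Set(["plain-crypto-js"]); // typosquat of crypto-js
const IOC_HOSTS = ["sfrclak.com", "142.11.206.73"];     // C2 host / IP from the IoC list

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function scanLockfile(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    if (IOC_PACKAGE_NAMES.has(name)) {
      findings.push({ kind: "ioc-package", path: lockPath, name, version: meta.version });
    }
    for (const dep of Object.keys(meta.dependencies || {})) {
      if (IOC_PACKAGE_NAMES.has(dep)) {
        findings.push({ kind: "ioc-dependency", path: lockPath, name, dependsOn: dep });
      }
    }
    const resolved = meta.resolved || "";
    if (IOC_HOSTS.some((h) => resolved.includes(h))) {
      findings.push({ kind: "ioc-host", path: lockPath, name, resolved });
    }
    if (meta.hasInstallScript) {
      findings.push({ kind: "install-script", path: lockPath, name });
    }
  }
  return findings;
}

// Versions in a packument that carry no provenance attestation at all.
function findUnattestedVersions(packument) {
  const out = [];
  for (const [version, meta] of Object.entries(packument.versions || {})) {
    const att = meta.dist && meta.dist.attestations;
    if (!att || !att.provenance) out.push(version);
  }
  return out;
}

// Constructed sample lockfile; the "0.0.0-sample" versions are placeholders.
const SAMPLE_LOCK = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { axios: "0.0.0-sample" } },
    "node_modules/axios": {
      version: "0.0.0-sample",
      resolved: "https://registry.npmjs.org/axios/-/axios-0.0.0-sample.tgz",
      dependencies: { "plain-crypto-js": "*", "follow-redirects": "^1.15.0" },
    },
    "node_modules/plain-crypto-js": {
      version: "0.0.0-sample",
      resolved: "https://registry.npmjs.org/plain-crypto-js/-/plain-crypto-js-0.0.0-sample.tgz",
      hasInstallScript: true,
    },
    "node_modules/follow-redirects": {
      version: "1.15.6",
      resolved: "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
    },
  },
};

// Constructed sample packument: one attested version, one without attestations.
const SAMPLE_PACKUMENT = {
  name: "axios",
  versions: {
    "0.0.0-good": {
      dist: {
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/axios@0.0.0-good",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    "0.0.0-bad": { dist: {} },
  },
};

console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
console.log("versions without provenance:", findUnattestedVersions(SAMPLE_PACKUMENT));
```

On a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))` and SAMPLE_PACKUMENT with the JSON fetched from the registry URL in the IoC list; an axios version that appears in the lockfile but has no provenance attestation in the packument is the signal to pin back to the trusted-publishing release and rebuild.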

IoC

https://registry.npmjs.org/<package
https://registry.npmjs.org/axios
http://sfrclak.com
http://sfrclak.com:8000/6202033
142.11.206.73
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf
617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101
55554944c848257813983360905d7ad0f7e5e3f5
92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a