lazarusholic

Everyday is lazarus.dayβ

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

2026-03-31, Socket
https://socket.dev/blog/axios-npm-package-compromised
#Axios #NPM

Contents

Research
Socket Research Team
March 31, 2026
A supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including [email protected] and [email protected].
The latest version pulls in [email protected], a package that Socket has confirmed as malicious. Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan (RAT) capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines.
Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, with 100 million weekly downloads on npm and adoption across frontend frameworks, backend services, and enterprise applications.
At this time, we have not observed any evidence linking this activity to the recently reported TeamPCP campaigns.
The affected Axios version does not appear in the project’s …

IoC

http://sfrclak.com:8000/
http://sfrclak.com
142.11.206.73
[email protected]