
axios Supply Chain Attack: 100M Weekly Downloads, One Hijacked Account

Taco Team · March 31, 2026 · 6 min read

On March 31, 2026, the npm account of axios's lead maintainer was compromised and used to publish two malicious package versions: axios@1.14.1 and axios@0.30.4. Both were pulled within hours, but during that window they were live on the registry for a library that sees roughly 100 million installs per week, making this one of the most impactful npm supply chain attacks on record.

How the Attack Was Staged

The attacker didn't act on impulse. Around 18 hours before the malicious axios releases, a separate npm account — nrwise — published a decoy package called plain-crypto-js@4.2.0 to establish registry history and look legitimate. At 23:59 UTC on March 30, the real malicious version plain-crypto-js@4.2.1 went live.

At 00:21 UTC on March 31, the compromised jasonsaayman account pushed axios@1.14.1. Thirty-nine minutes later, axios@0.30.4 followed. Neither release had corresponding GitHub commits, tags, or a release — the only change was the addition of plain-crypto-js@^4.2.1 as a dependency.

What the RAT Does

The dropper (setup.js) runs via a postinstall hook and fetches platform-specific payloads from a C2 server:

  • macOS: A persistent binary dropped at /Library/Caches/com.apple.act.mond, disguised as an Apple cache daemon
  • Windows: A hidden VBScript spawns a PowerShell payload; the Windows Terminal interpreter is copied to %PROGRAMDATA%\wt.exe
  • Linux: A Python script dropped at /tmp/ld.py

After execution, the dropper self-deletes and replaces its own package.json with a clean stub to cover its tracks.

Indicators of Compromise

Malicious packages:

  • axios@1.14.1 — SHA1: 2553649f2322049666871cea80a5d0d6adc700ca
  • axios@0.30.4 — SHA1: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71
  • plain-crypto-js@4.2.1 — SHA1: 07d889e2dadce6f3910dcbc253317d28ca61c766

Network:

  • C2 domain: sfrclak[.]com
  • C2 IP: 142.11.206[.]73
  • C2 URL: http://sfrclak[.]com:8000/6202033

File system:

  • macOS: /Library/Caches/com.apple.act.mond (SHA256: 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a)
  • Windows: %PROGRAMDATA%\wt.exe, %TEMP%\6202033.vbs, %TEMP%\6202033.ps1 (PS1 SHA256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101)
  • Linux: /tmp/ld.py (SHA256: fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf)

Attacker accounts:

  • jasonsaayman (compromised; email changed to ifstap@proton.me)
  • nrwise (attacker-created; nrwise@proton.me)

What To Do

  1. Confirm which axios version you're running: npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
  2. Check for the staging package: ls node_modules/plain-crypto-js 2>/dev/null
  3. Pin to a safe version: axios@1.14.0 or axios@0.30.3
  4. If RAT artifacts are found, don't attempt in-place cleanup — rebuild from a known-good state
  5. Rotate everything: npm tokens, AWS keys, SSH keys, CI/CD secrets, GitHub PATs
  6. Enforce npm ci --ignore-scripts in all CI/CD pipelines as standing policy
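As an added example (not from the original post or the axios project), the following Python script applies steps 1 and 2 to a whole project rather than only the installed tree: it scans package-lock.json (lockfileVersion 1, 2 or 3) for the two axios releases named above and for any plain-crypto-js entry, whether locked or merely declared, and then checks node_modules. Package names and versions come from the post; the lockfile layout it parses is npm's standard structure, and the file names and paths it reads are assumptions about the project being scanned.

```python
import json
import sys
from pathlib import Path

MALICIOUS_AXIOS = {"1.14.1", "0.30.4"}   # releases named in the advisory
STAGING_PACKAGE = "plain-crypto-js"      # dependency those releases added

def scan_lockfile(lock: dict) -> list[str]:
    """Return findings for a parsed package-lock.json (lockfileVersion 1, 2 or 3)."""
    findings: list[str] = []

    def check(label: str, name: str, version: str, declared: dict) -> None:
        if name == "axios" and version in MALICIOUS_AXIOS:
            findings.append(f"{label}: malicious release axios@{version}")
        if name == STAGING_PACKAGE:
            findings.append(f"{label}: staging package {name}@{version} is locked")
        elif STAGING_PACKAGE in declared:
            findings.append(f"{label}: declares {STAGING_PACKAGE}@{declared[STAGING_PACKAGE]}")

    if "packages" in lock:
        # v2/v3: flat map keyed by install path; "" is the root project itself
        for path, meta in lock["packages"].items():
            name = path.rsplit("node_modules/", 1)[-1]
            check(path or "(root project)", name, meta.get("version", ""), meta.get("dependencies", {}))
    else:
        # v1: nested tree; declared ranges live in "requires", nested installs in "dependencies"
        def walk(deps: dict, prefix: str) -> None:
            for name, meta in deps.items():
                check(prefix + name, name, meta.get("version", ""), meta.get("requires", {}))
                walk(meta.get("dependencies", {}), prefix + name + " > ")
        walk(lock.get("dependencies", {}), "")
    return findings

def scan_project(root: str) -> list[str]:
    """Scan <root>/package-lock.json and <root>/node_modules; an empty list means clean."""
    root_path = Path(root)
    findings: list[str] = []
    lock_file = root_path / "package-lock.json"
    if lock_file.is_file():
        findings += scan_lockfile(json.loads(lock_file.read_text(encoding="utf-8")))
    if (root_path / "node_modules" / STAGING_PACKAGE).is_dir():
        findings.append(f"node_modules/{STAGING_PACKAGE} is installed")
    return findings

if __name__ == "__main__":
    hits = scan_project(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(hits) if hits else "no indicators found")
    sys.exit(1 if hits else 0)
```

Run it against each service's checkout (or in CI before npm ci) so a lockfile that resolves to the bad versions is caught even on machines that never installed them.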

This attack required a single compromised maintainer account to weaponize the most-downloaded HTTP library in the JavaScript ecosystem. No vulnerability was needed — just access.

Don't wait for the next incident to find out you're exposed.

Tacosec continuously monitors your dependencies, SBOMs, and infrastructure — so you know about vulnerabilities before attackers find them.