Axios NPM Hack Deploys RATs on 101M Dev Installs

Video description

Attackers compromised the Axios npm package and published two backdoored releases. The malicious versions introduced a hidden post-install script that silently downloaded a Remote Access Trojan onto developer machines and CI/CD runners, scanning for .env files, SSH keys, npm tokens and more. 🔗 Relevant Links https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/ https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHZlejk4T1JxOVdNWmhWQ05MTUxmdTRzb2dUUXxBQ3Jtc0ttbEQ5SkFtZWhBUWZsallOWDhaeXo5cTNKXzQ5Y0E2U09MQVFBT21kVGtJWjhybmdZTlFFMWZycy1NWnZVRlh5a0FLZ3hOVUluTUNLemlPYXdia2RWcGY5eUx4bFRMdnZxSzVUN1ZhelkzNnRBWWdjZw&q=https%3A%2F%2Fwww.stepsecurity.io%2Fblog%2Faxios-compromised-on-npm-malicious-versions-drop-remote-access-trojan&v=yiLIZLPNEm8 ❤️ More about us Radically better observability stack: https://betterstack.com/ Written tutorials: https://betterstack.com/community/ Example projects: https://github.com/BetterStackHQ 📱 Socials Twitter: https://twitter.com/betterstackhq Instagram: https://www.instagram.com/betterstackhq/ TikTok: https://www.tiktok.com/@betterstack LinkedIn: https://www.linkedin.com/company/betterstack

Backdoor Mechanics Exploit Post-Install Scripts

Attackers hijacked the Axios NPM lead maintainer's account—despite 2FA and GitHub auth—using a long-lived NPM CLI access token (possibly via recovery codes) to publish v1.14.1 (tagged latest) and v0.30.4 (tagged legacy) on March 31. These versions added a phantom 'plain crypto-js' dependency, a tweaked crypto-js with a malicious post-install 'setup.js' script. This script runs automatically on every npm install or CI execution, detects the OS (Windows, macOS Intel/Apple Silicon, Linux), and fetches a tailored second-stage RAT payload from a remote server.

The RAT self-cleans: original setup.js deletes itself, removes the malicious package.json post-install entry, and restores a clean version to evade detection. Packages like DataDog, OpenClaw, and WordPress inherited the compromise, affecting Axios's 174,000 dependents and 101 million weekly installs.

RAT Behaviors Steal Dev Credentials and Enable Remote Control

Once deployed, the RAT scans sensitive directories—Documents, Desktop, config folders (plus OneDrive, AppData, all drive letters on Windows)—exfiltrates the file list to attackers for theft assessment, then beacons every 60 seconds with hostname, username, OS, timezone, hardware model, and all running processes. This reveals active software and user presence.

Attackers can remotely issue four commands: (1) browse any directory, (2) execute arbitrary shell commands/scripts, (3) drop/execute more malware, (4) kill the process for cleanup. Treat any infected system as fully compromised: rotate all secrets like .env files, NPM tokens, SSH keys immediately.

Detect Infection and Respond Swiftly

Search lockfiles (package-lock.json, yarn.lock) for axios@1.14.1, axios@0.30.4, or plain-crypto-js. Scan node_modules for these packages. Hunt RAT artifacts per platform-specific write-ups (linked in source). Axios versions were yanked after 3 hours, but prior installs persist—assume credential theft.

Prevent Future Supply Chain Attacks

Commit lockfiles to pin versions and use npm ci (not npm install) in CI/CD to enforce exact installs. Set minimum package age (e.g., 48 hours) to skip fresh malicious uploads. Run npm install --ignore-scripts to block post-installs, or switch to Bun which disables them by default except on explicitly trusted deps. These steps caught this attack early but highlight rising NPM threats.

Video description

Backdoor Mechanics Exploit Post-Install Scripts

RAT Behaviors Steal Dev Credentials and Enable Remote Control

Detect Infection and Respond Swiftly

Prevent Future Supply Chain Attacks

More from Software Engineering

ClusterFuzzLite: Fuzz PRs in CI to Catch Bugs Early

North Korea Hit Axios NPM Maintainer, Exposing 100M Downloads

GitHub RCE via Single Git Push X-Stat Injection

Datasette Replaces CSRF Tokens with Sec-Fetch-Site Headers