Supply ChainMar 31, 2026
Key takeaways: - A compromised npm maintainer account was used to publish two malicious versions...
Compromised npm maintainer published malicious Axios versions with multi-platform implants.
Summary
A threat actor compromised an npm maintainer account and published two malicious versions of the popular Axios HTTP client library. The malicious JavaScript code deployed platform-specific stage-2 implants targeting macOS, Windows, and Linux systems, affecting potentially thousands of downstream dependencies relying on Axios.
Indicators of Compromise
- malware — Axios (malicious versions)