The Axios JavaScript NPM package recently experienced a software supply chain security incident. As the most widely used JavaScript HTTP client library, downloaded over 400 million times per month, this event demonstrates the practical need for strict dependency validation across development environments.
Software development security vendor StepSecurity identified that two unauthorized versions of the library had been published to the NPM registry: [email protected] and [email protected].
These versions introduced a new, unverified dependency named [email protected]. Masquerading as the legitimate crypto-js library, this package executes a script that installs a remote-access trojan (RAT) compatible with Windows, Linux, and macOS systems. Researchers trace the origin of the incident to unauthorized access to the lead maintainer's account, "jasonsaayman."
"The dropper contacts a live command-and-control server and delivers platform-specific, second stage payloads. After execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection," StepSecurity explained in its analysis. "There are zero lines of malicious code inside axios itself, and that's exactly what makes this attack so dangerous."
The unauthorized packages remained active for approximately three hours before NPM removed all traces of the campaign. However, Endor Labs noted that one version of the plain-crypto-js dependency was publicly exposed for more than 21 hours before registry maintainers applied a security hold. Because the software is heavily adopted, organizations should check their environments for indicators of compromise (IOCs) published by StepSecurity, Endor Labs, and Socket.
Feross Aboukhadijeh, CEO of Socket, recommends that teams using the JavaScript ecosystem should pause standard operations and verify their dependencies immediately to ensure their environments remain secure.
Threat Actor Motivations and Attribution
Determining the origin of supply chain incidents requires careful observation of post-installation behavior. Early industry reports suggested a link to TeamPCP, a group associated with cloud-native unauthorized access and ransomware. However, Google Threat Intelligence subsequently issued a statement attributing the activity to suspected North Korean threat actor UNC1069.
Google Threat Intelligence Group chief analyst John Hultquist stated that the full scope of the incident remains under investigation, but the organization expects the downstream impact to be significant.
Ashish Kurmi from StepSecurity observed that the trojan's operational pattern points toward access brokering or targeted espionage rather than rapid credential theft.
"The RAT's first action is device profiling (hostname, username, OS, processes, directory walk) before doing anything else — that's cataloging, not looting. A blunt infostealer grabs credentials and leaves; this one fingerprints the environment and waits for instructions," Kurmi says. "Axios lives in developer environments holding source code, deploy keys, and cloud credentials a cryptominer has no use for, and the 18-hour pre-staging, simultaneous branch poisoning, and anti-forensics suggest an actor who has done this before."
If UNC1069 is responsible, this represents a notable shift in their operational methodology. The group operates as an arm of North Korea's Lazarus Group, which historically targets cryptocurrency wallets and fintech infrastructure. A verified link would mark their first successful compromise of a top-tier NPM package.
Advanced Operational Tradecraft in the Open Source Supply Chain
The open source supply chain has seen multiple security events in recent months, including the Shai-hulud and GlassWorm incidents. While those relied on opportunistic propagation, researchers categorize the Axios incident as highly precise.
"The malicious dependency was staged 18 hours in advance. Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct," StepSecurity reported. "Within two seconds of npm install, the malware was already calling home to the attacker's server before npm had even finished resolving dependencies. This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."
Kurmi points out that executing this required more than standard typosquatting techniques. The threat actor had to gain access to a verified maintainer account, bypass the Axios project's OIDC-based publishing pipeline, and implement anti-forensic measures to manipulate npm list reports post-installation.
He places this incident along a continuum of increasing operational awareness, alongside recent compromises involving Nx Singularity, tj-actions/changed-files, Trivy, Checkmarx KICS, LiteLLM, and the Canister worm.
From a defender's perspective, the brief three-hour primary exposure window naturally limited total installations. However, the silent execution model means developers impacted during that timeframe would not have received standard error warnings or system alerts. A quiet, traceless execution presents a fundamentally different operational risk than a loud failure that prompts immediate remediation.
Peyton Kennedy, a security researcher at Endor Labs, observes that the methods used in this incident demonstrate a clear escalation in supply chain methodology.
"Last year, Shai-hulud's worm-based propagation was novel, and we've since seen that technique replicated in CanisterWorm and other campaigns," Kennedy says. "This attack is a different kind of escalation: staged dependency seeding to evade scanners, platform-specific payload chains, and self-deleting anti-forensic cleanup. This looks like deliberate, planned tradecraft from an experienced threat actor."