Axios hack put millions at risk: full story of how North Korean hackers pulled it off


Axios is one of the most downloaded npm packages, powering millions of projects worldwide. This week, it was hijacked by North Korean threat actors to deliver malware – the damage could’ve been catastrophic if not for a quick community reaction. The maintainers have now shed light on how they got in.

Jason Saayman, lead maintainer of axios, shared a complete story of how one of the most serious software supply chain attacks unfolded on March 31, 2026.

It all started two weeks ago with a sophisticated social engineering attack. The cyberattackers reached out to Jason, masquerading as a founder of a known company.


“They had cloned the company's founders' likeness as well as the company itself,” Saayman explains. “They tailored this process specifically to me.”

The impostors first invited the developer to a real Slack workspace. They had replicated the target company’s corporate identity, and it looked like the real deal.


“Slack was thought out very well, they had channels where they were sharing LinkedIn posts,” Saayman said.

“It was super convincing. They even had what I presume were fake profiles of the company’s team members, as well as a number of other open source maintainers.”

The attackers later scheduled a meeting with Saayman on Microsoft Teams, where it seemed a group of people would be involved. The meeting invite was a trap.

“The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams,” Saayman said.

“And this was the RAT.”


The sophisticated and targeted social engineering attack gave the attacker complete access to the lead maintainer's computer.

“Everything was extremely well coordinated, looked legit, and was done in a professional manner,” Saayman acknowledged.

The rest of the story is known.

On March 31st, two malicious versions of axios (1.14.1 and 0.30.4) were published to the npm registry through the compromised maintainer’s account. The attackers injected a never-before-used malicious dependency, plain-crypto-js, which installed a remote access trojan on user machines.

Saayman explains that once the RAT is installed on a computer, the attackers have full control over everything on the system, regardless of whether two-factor authentication is in use.

Axios chain attack
Image by Cybernews.

The first malicious axios package (1.14.1) was published at 00:21 UTC, and the second one quickly followed at around 01:00 UTC. At nearly the same time, the first external detections were reported; however, the attackers attempted to suppress the response by using the compromised account to delete issues filed by community members.

Axios collaborator DigitalBrainJS contacted the npm repository directly, and the malicious versions were removed at 03:15 and 03:29 UTC, respectively.

“We are working with the companies that operate this system, along with security experts, to investigate and contain the issue. Organizations that installed these versions should remove them immediately and treat affected systems as potentially compromised, including rotating any sensitive credentials,” the post-mortem report reads.


The team is still actively working to implement security improvements, acknowledging that publishing directly from a personal account was a risk that could’ve been avoided, that there was no automated way to detect an unauthorized publish, and that “hyper vigilance is needed both on the registry and in a personal capacity.”

Axios fully reset its infrastructure and credentials, hardened its release pipeline through immutable builds, properly adopted OIDC for publishing, and adopted GitHub Actions security best practices.


This type of attack is very dangerous

Google’s Mandiant threat intel group has already attributed the attack to the North Korean threat group tracked as UNC1069.

Many security firms have been warning about its activities and highly advanced AI-enabled social engineering tooling.

In one of the previously documented attacks, the same attackers contacted a victim via Telegram and later invited the victim to a Zoom meeting that was hosted on malicious infrastructure.

“The victim reported that during the call, they were presented with a video of a CEO from another cryptocurrency company that appeared to be a deepfake,” Mandiant’s report reads.

“Once in the ‘meeting,’ the fake video call facilitated a ruse that gave the impression to the end user that they were experiencing audio issues.”

Image by Cybernews.

A pop-up suggests the software needs to be updated, which leads to a ClickFix attack that instructs the victim to run commands on their system to address the fake issue. Instead, the commands pull and run the malicious script, deploying malware.

In February, Malwarebytes warned in a report about a malicious campaign, during which hackers exploited fake Zoom meetings and fake updates.

Many security researchers warned about similar activities from Bluenoroff, a North Korean threat actor that overlaps with UNC1069. Their social engineering attacks are designed to build rapport, aren’t pressing, and might take weeks to deliver the actual compromise.

The threat actor is financially motivated and previously mostly targeted the Web3 industry, such as centralized exchanges (CEX), software developers at financial institutions, high-technology companies, and individuals at venture capital funds.

npm package compromise
Image by Cybernews.

How to check if you’re affected by the Axios breach?

The Axios team suggests developers check for compromised dependency versions on their systems. Many other packages depend on it and could have unknowingly pulled the malware during a routine npm install or update command.

The team provides a grep command that searches for the patterns:

grep -E "axios@(1\.14\.1|0\.30\.4)|plain-crypto-js" package-lock.json yarn.lock 2>/dev/null

Caution – never run commands from the internet you don’t understand.


This command searches two files – package-lock.json and yarn.lock – for any lines mentioning specific vulnerable versions of axios or the package plain-crypto-js.

If this search returns any matches, or compromise is otherwise suspected, the machine should be treated as compromised and cleaned, and every secret, token, and credential on it should be rotated.
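As an added example (not the axios team's code), here is a small Python checker that reads both lockfile formats structurally instead of pattern-matching text: package-lock.json records each package's version as a separate field under a "node_modules/..." key, so a grep for the literal string axios@1.14.1 does not see it. The sample lockfiles are constructed, and the plain-crypto-js version in them is a placeholder because the article does not state it.

```python
import json
import re

# Affected axios versions and the injected dependency, as named in the article.
BAD_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
BAD_DEPENDENCY = "plain-crypto-js"

def _check(findings, name, version):
    if name == "axios" and version in BAD_AXIOS_VERSIONS:
        findings.add(("axios", version))
    if name == BAD_DEPENDENCY:
        findings.add((BAD_DEPENDENCY, version))

def scan_package_lock(text):
    """Findings from a package-lock.json body (lockfileVersion 1, 2 or 3).
    Walks the v2/v3 "packages" map and the v1 "dependencies" tree, so a hit
    is found even though the lockfile never spells out 'axios@1.14.1'."""
    lock = json.loads(text)
    findings = set()
    for path, meta in lock.get("packages", {}).items():
        if path:  # "" is the root project entry, not a dependency
            _check(findings, path.split("node_modules/")[-1], meta.get("version"))
    def walk(deps):  # lockfileVersion 1 nests transitive deps recursively
        for name, meta in deps.items():
            _check(findings, name, meta.get("version"))
            walk(meta.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return sorted(findings)

def scan_yarn_lock(text):
    """Findings from a yarn.lock (classic v1 text format) body."""
    findings, block = set(), None
    for line in text.splitlines():
        header = re.match(r'^"?(@?[^@"\s]+)@', line)  # e.g. axios@^1.14.0:
        if header:
            block = header.group(1)
        ver = re.match(r'^\s+version\s+"?([^"\s]+)', line)
        if ver and block:
            _check(findings, block, ver.group(1))
    return sorted(findings)

# Constructed sample lockfiles (not from the article); the plain-crypto-js
# version is a placeholder because the article does not state it.
SAMPLE_PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/plain-crypto-js": {"version": "0.0.0"}}})
SAMPLE_YARN_LOCK = 'axios@^1.14.0:\n  version "1.14.1"\n\nplain-crypto-js@0.0.0:\n  version "0.0.0"\n'
```

Any non-empty result means the lockfile pins an affected release and the machine should be handled as described above.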

Additionally, developers are advised to check network logs for connections to sfrclak[.]com or 142.11.206.73 on port 8000.

Socket, StepSecurity, Snyk, and other cybersecurity companies provide detailed remediation guides.
