T1195.001 Compromise Software Dependencies and Development Tools
99%
“execution, replacing its own evidence with a clean decoy. Attack timeline: the operation behind the compromise was pre-staged across ~18 hours, with the malicious dependency seeded on npm before the axios releases to avoid "brand-new package" alarms: Table 1. Attack timeli…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1027 Obfuscated Files or Information
98%
“chain security score by multiple automated scanners within minutes of publication. The compromised axios@1.14.1 was similarly flagged and subsequently unpublished by npm. Technical analysis: the RAT dropper (setup.js). Obfuscation architecture: all sensitive strings are sto…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“bypassed GitHub Actions’ OIDC trusted publisher safeguards by manually publishing poisoned versions using a stolen npm token, leaving no trace in the official GitHub repository. - Automated npm security scanners flagged the malicious dependency within minutes, and npm administra…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. Cyber Threats. Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. A supply chain attack hit axios when attackers u…”
T1059.001 PowerShell
96%
“C&C POST body: packages.npm.org/product0. The C&C returns a macOS binary saved to /Library/Caches/com.apple.act.mond — a path designed to mimic Apple system cache entries. The name "com.apple.act.mond" follows Apple's reverse-DNS daemon convention, likely…”
T1027 Obfuscated Files or Information
96%
“then passes through _trans_1. Fully decoded strings. Annotated source: setup.js. The following walkthrough covers the complete malicious payload from plain-crypto-js@4.2.1, with every significant code path annotated. Decoding functions: - _trans_1(x, r) splits the…”
T1195.001 Compromise Software Dependencies and Development Tools
96%
“": "..." } } // axios@1.14.1 — malicious "_npmUser": { "name": "jasonsaayman", "email": "ifstap@proton.me" // no trustedPublisher, no gitHead } The phantom dependency: plain-crypto-js@4.2.1. The only change in both poisoned axios versions is a sin…”
T1195.001 Compromise Software Dependencies and Development Tools
90%
“PPID: 1 ← orphaned to init. Broader campaign: related packages - @shadanai/openclaw: a fork of OpenClaw AI gateway with plain-crypto-js hidden in a vendored path. Identical setup.js, same C&C, same payloads. - @qqbrowser/openclaw-qbot@0.0.130: ships a tamper…”
T1059.001 PowerShell
90%
“persistent artifact: %PROGRAMDATA%\wt.exe. - The fetched script executes its final payload entirely in memory. The renamed PowerShell binary (wt.exe) runs the following command: Invoke-WebRequest POSTs the Windows platform identifier to the C&C and receives the seco…”
T1195.001 Compromise Software Dependencies and Development Tools
88%
“json to prevent transitive resolution - Remove plain-crypto-js: rm -rf node_modules/plain-crypto-js && npm install --ignore-scripts - If RAT artifacts are found: do not clean in place. Rebuild from a known-good state. - Rotate all credentials: npm tokens, AWS key…”
T1587 Develop Capabilities
87%
“Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. Cyber Threats. Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. A supply chain attack hit axios when attackers u…”
T1195.002 Compromise Software Supply Chain
81%
“bypassed GitHub Actions’ OIDC trusted publisher safeguards by manually publishing poisoned versions using a stolen npm token, leaving no trace in the official GitHub repository. - Automated npm security scanners flagged the malicious dependency within minutes, and npm administra…”
T1195.001 Compromise Software Dependencies and Development Tools
78%
“and no gitHead. There is no commit, tag, or release in the axios GitHub repository that corresponds to 1.14.1 or 0.30.4. The releases exist only on npm. When the axios collaborator DigitalBrainJS attempted to respond, the attacker used the hijacked credentials (which had ad…”
T1195.002 Compromise Software Supply Chain
77%
“can be destroyed. Lockfile diffs and network logs are more reliable forensic sources. Proactive security with TrendAI Vision One™: the TrendAI Vision One™ platform is the industry-leading AI cybersecurity platform that centralizes cyber risk exposure management, security operations,…”
T1059.001 PowerShell
71%
“…per uses a for (;;) { ... break } pattern — an infinite loop that executes exactly once. This is a deliberate obfuscation technique that avoids a clean if/else structure identifiable as a platform dispatcher in automated code review. Inside: - macOS (Darwin): decodes an…”
T1587 Develop Capabilities
56%
“bypassed GitHub Actions’ OIDC trusted publisher safeguards by manually publishing poisoned versions using a stolen npm token, leaving no trace in the official GitHub repository. - Automated npm security scanners flagged the malicious dependency within minutes, and npm administra…”
T1587 Develop Capabilities
55%
“": "..." } } // axios@1.14.1 — malicious "_npmUser": { "name": "jasonsaayman", "email": "ifstap@proton.me" // no trustedPublisher, no gitHead } The phantom dependency: plain-crypto-js@4.2.1. The only change in both poisoned axios versions is a sin…”
T1587 Develop Capabilities
51%
“execution, replacing its own evidence with a clean decoy. Attack timeline: the operation behind the compromise was pre-staged across ~18 hours, with the malicious dependency seeded on npm before the axios releases to avoid "brand-new package" alarms: Table 1. Attack timeli…”
T1195.002 Compromise Software Supply Chain
43%
“Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. Cyber Threats. Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. A supply chain attack hit axios when attackers u…”
T1195.001 Compromise Software Dependencies and Development Tools
32%
“chain security score by multiple automated scanners within minutes of publication. The compromised axios@1.14.1 was similarly flagged and subsequently unpublished by npm. Technical analysis: the RAT dropper (setup.js). Obfuscation architecture: all sensitive strings are sto…”
T1204.005 Malicious Library
31%
“Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. Cyber Threats. Axios npm package compromised: supply chain attack hits JavaScript HTTP client with 100M+ weekly downloads. A supply chain attack hit axios when attackers u…”
T1195.002 Compromise Software Supply Chain
31%
“execution, replacing its own evidence with a clean decoy. Attack timeline: the operation behind the compromise was pre-staged across ~18 hours, with the malicious dependency seeded on npm before the axios releases to avoid "brand-new package" alarms: Table 1. Attack timeli…”
Summary
A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.