🛡️ Security Tools

North Korea Poisons Axios NPM with RATs in Bold Supply Chain Hit

A single hijacked maintainer turned Axios—the JS HTTP king with 100 million weekly downloads—into a RAT delivery vehicle. North Korean actors bet big on supply chain chaos, and it almost paid off.

James Kowalski 📅 Apr 03, 2026 ⏱️ 4 min read 👁️ 0 views

Hacker injecting malware into Axios npm package code with North Korean flag overlay

⚡ Key Takeaways

Axios hijack via maintainer compromise spreads cross-platform RATs to millions of projects.
Check lockfiles immediately for v1.14.1, v0.30.4, or plain-crypto-js—Google warns of huge blast radius.
North Korea's UNC1069 eyes supply chains; expect provenance mandates to combat this.

🧠 What's your take on this?

Cast your vote and see what Threat Digest readers think

Written by

James Kowalski

Investigative tech reporter focused on AI ethics, regulation, and societal impact.

#RAT malware #axios npm hijack #npm malware #supply chain attack #unc1069

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by InfoSecurity Magazine

North Korea Poisons Axios NPM with RATs in Bold Supply Chain Hit

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

James Kowalski

Worth sharing?

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

James Kowalski

Share this article

Worth sharing?

Related Stories

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

IRGC Puts Apple, Google, Tesla on Middle East Hit List for April 1 Attacks

84% of Attacks Hijack Your Own Tools – And You're Still Blind

Stay in the loop