What versions of Axios NPM were compromised?

1.14.1 and 0.30.4—check hashes against Sophos indicators.

How do I detect Axios malware on my system?

Scan for listed hashes, review npm ls, hunt C2 traffic via logs. Use Sophos detections like Troj/PSAgent-CN.

Is North Korea behind the Axios NPM attack?

Sophos CTU attributes it to NICKEL GLADSTONE with high confidence—matching artifacts and patterns.

North Korean Hackers Compromise Axios NPM Package, Deploying RAT Across Platforms

Imagine your go-to HTTP client turning Trojan horse overnight. That's Axios for thousands of devs after North Korean actors compromised its NPM packages.

theAIcatchup Apr 09, 2026 3 min read

Digital illustration of a compromised Axios NPM package icon leaking malware code to global servers

⚡ Key Takeaways

Axios NPM versions 1.14.1 and 0.30.4 deliver cross-platform RATs via maintainer account takeover. 𝕏
Sophos links attack to North Korean NICKEL GLADSTONE group; immediate updates essential. 𝕏
Exposes NPM's weak maintainer security—expect registry reforms and higher enterprise scrutiny. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#axios compromise #nickel gladstone #npm supply chain attack #remote access trojan

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Sophos Threat Research

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Axios NPM Breach: North Korea's Precision Strike on JS Devs

Claude Code Leak Hands Rivals AI's Secret Sauce

Iran's Hidden Assault: 3,900 US PLCs Exposed in the Wild

Iranian Hacktivists Light Up Chats as US-Israel Strikes Hit Iran

Stay in the loop