What is the Axios npm supply chain attack?

Hackers used stolen maintainer creds to publish trojaned Axios packages (1.14.1, 0.30.4) that install a RAT during npm install, stealing dev secrets.

How to check if affected by Axios npm hack?

Scan for IOCs: sfrclak[.]com, specific checksums, temp files like /tmp/ld.py. Rotate secrets from any machine that installed those versions.

Does Axios hack affect end-user apps?

No—only build/install phase on dev machines. Runtime apps are safe.

📋 Compliance & Policy

Axios npm Poisoning: Hackers Hijack Your Dev Secrets via 100M Downloads

One npm install, and boom—your cloud keys are en route to a hacker's server. Axios, the unsung hero of JS networking, just got turned into a trojan horse.

Threat Digest Apr 03, 2026 3 min read

Malicious Axios npm package details with RAT indicators on screen

⚡ Key Takeaways

Compromised Axios npm packages (1.14.1, 0.30.4) install RATs stealing dev secrets via postinstall scripts. 𝕏
Impacts 100M weekly downloads; check IOCs and rotate all credentials immediately. 𝕏
Exposes npm's trust flaws—predict mandatory package signing soon or market share bleed. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Axios malware #Axios supply chain attack #RAT trojan #devsecops #npm hack #npm malware #supply chain attack

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Malwarebytes Labs

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Inside the Axios Hijack: How DPRK RATs Slipped into Dev Workflows Worldwide

North Korea Poisons Axios NPM with RATs in Bold Supply Chain Hit

Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Mercor's 4TB Nightmare: LiteLLM's Supply Chain Poison Reaches AI Hiring Giant

Stay in the loop