Microsoft Details Steps to Mitigate the Axios npm Supply Chain Compromise

A widely used JavaScript library called Axios was at the center of a serious supply chain attack that came to light on March 31, 2026.

Two updated versions of the Axios npm package — version 1.14.1 and version 0.30.4 — were found to contain malicious code built to silently install harmful software on developer machines, with no visible warning to the users or teams running them.

Axios is one of the most downloaded JavaScript packages in the world, recording over 70 million downloads every week.

Developers rely on it to make HTTP requests in web and backend applications. Because of how widely it is trusted and deployed across countless projects, a targeted change inside even one of its releases is enough to affect thousands of organizations, automated build pipelines, and live production environments all at once.

Microsoft Threat Intelligence analysts identified the infrastructure driving this attack and linked it to Sapphire Sleet, a North Korean state-sponsored threat group active since at least March 2020.

The group primarily focuses on financial targets, including cryptocurrency exchanges, venture capital firms, and blockchain organizations, with a main goal of stealing digital assets and financial data.

The group is also known to use platforms like LinkedIn to reach potential targets, directing them toward malicious files hosted on attacker-controlled cloud storage services.

The attack worked by injecting a fake dependency called [email protected] into the two compromised Axios versions.

This dependency silently executed a post-install script that connected to a command-and-control (C2) server and downloaded a second-stage remote access trojan (RAT).

The malicious payload was tailored for each operating system, with Windows, macOS, and Linux systems all receiving separate, platform-specific versions of the RAT, ensuring broad reach regardless of the environment being used.

What made this attack especially dangerous was how it turned npm’s built-in auto-update behavior into a delivery mechanism.

Any project set to automatically pull minor or patch updates for Axios would quietly resolve to the compromised release during a routine install or update, executing the malicious chain without requiring any extra steps from the developer.

Silent Dependency Injection: How the Attack Stayed Undetected

Rather than altering Axios’s own source code, the attacker embedded plain-crypto-js as a new dependency that only activated during installation.

When a developer ran npm install, or when a CI/CD pipeline triggered a build, the package manager automatically resolved and installed [email protected] behind the scenes.

That package’s lifecycle script then launched setup.js, a first-stage loader that used multiple layers of obfuscation to reconstruct sensitive strings at runtime before quietly connecting to the attacker’s server at hxxp://sfrclak[.]com:8000/6202033.

To avoid early detection, the attacker first published a clean version ([email protected]) to build a legitimate publishing history before introducing the malicious 4.2.1 update.

On Windows, setup.js dropped a VBScript stager that deployed a PowerShell RAT, creating persistence through a registry run key. On macOS, a native binary named com.apple.act.mond was placed quietly inside the Library/Caches folder.

On Linux, a Python payload called ld.py was written to the /tmp directory and launched in the background. Once the second-stage payload was running, setup.js removed itself and swapped the original package manifest for a clean-looking copy, making post-incident inspection harder.

Microsoft Threat Intelligence has outlined clear steps for affected organizations to take immediately. All Axios deployments should be rolled back to version 1.14.0 or 0.30.3, and any secrets or credentials exposed on compromised systems must be rotated without delay.

Developers are advised to remove caret (^) and tilde (~) prefixes from package.json files and lock Axios to an exact version number to prevent automatic upgrades.

Running npm cache clean --force will flush any cached malicious packages. Organizations should also audit CI/CD logs for any installs of the affected versions, check developer machines for the plain-crypto-js folder in node_modules directories, and block outbound traffic to sfrclak[.]com and IP address 142.11.206[.]73 on port 8000.

Automated dependency tools such as Dependabot or Renovate should be configured to restrict Axios updates until the threat is fully resolved.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.