Axios Supply Chain Attack: How One Account Compromised Millions
Priya's team builds a fintech app. Like almost every JavaScript developer on the planet, they use Axios — a library that handles one of the most basic tasks in software: sending requests to the internet. Fetching data from an API. Submitting a form. Checking a balance. Axios does this so reliably, so invisibly, that most developers don't think about it at all.
On March 31, 2026, between 00:21 and 03:20 UTC, North Korea-linked hackers published two poisoned versions of Axios to npm, the world's largest software package registry. Any install that resolved to one of those versions during that window, whether a fresh npm install axios or an unpinned project picking up the newest release, pulled malware onto the machine.
The malicious versions were live for less than three hours. But Axios is downloaded roughly 100 million times per week, and installs during that window ran on developer laptops and CI build servers alike.
- Date: March 31, 2026 — 00:21 to 03:20 UTC (under 3 hours)
- Target: Axios — the most popular JavaScript HTTP library, 100M+ weekly downloads, present in ~80% of cloud environments
- Attacker: UNC1069 — North Korea-linked group, attributed by Google Threat Intelligence Group (GTIG)
- Poisoned versions: axios 1.14.1 and axios 0.30.4 — both now removed from NPM
- Safe versions: axios 1.14.0 (1.x line) and 0.30.3 (0.x line); pin to one of these immediately and commit the lockfile
- How they got in: Compromised the personal NPM account of Jason Saayman — Axios's primary maintainer
- Malware delivered: WAVESHAPER.V2 — a backdoor that gives attackers full remote control of the machine
- Platforms affected: Windows, macOS, and Linux — all three
- Malicious dependency: plain-crypto-js 4.2.1, a fake cryptography library published the day before; 4.2.0 was a clean decoy release that gave the name a history
- C2 domain to block: sfrclak[.]com
- Separate from TeamPCP: Google confirmed this is a different attack group — two major supply chain campaigns running simultaneously
What Is Axios — In Plain English
When your app needs to talk to the internet — fetch your bank balance, submit a login, load the latest news — it needs a tool to make that happen. Axios is that tool for JavaScript developers. It is simple, reliable, and works the same way on every platform.
It is downloaded over 100 million times every week. Wiz estimates it is present in roughly 80% of all cloud environments. It is not an optional library — it is woven into the fabric of modern software. If you use almost any web application, app, or online service, Axios is almost certainly somewhere in its codebase.
Root Cause — One Account. One Password. Global Access.
This breach was not caused by a flaw in Axios's code. It was caused by the compromise of a single person's account — the personal NPM account of Jason Saayman, Axios's primary maintainer.
NPM, the Node Package Manager, is the world's largest software package registry. Think of it as an app store for developers. A maintainer publishes a new version by authenticating as their npm account, with a password (plus a second factor, if enabled) or an access token issued to that account. Whoever controls the account controls what gets published under every package it owns.
The attackers gained access to Jason Saayman's account and immediately changed the registered email address to one they controlled — locking him out of his own account. They now had the keys to publish anything they wanted under the Axios name. 100 million weekly downloads. Trusted by developers everywhere. No one would question a new version from the official account.
The entire attack rested on one thing: one person's account credentials. No sophisticated hacking. No zero-day exploits. Just a compromised password on the account that controlled a library used by most of the internet's applications. One key. One hundred million doors.
It is not yet confirmed exactly how the account was compromised — whether through phishing, a stolen password from a previous breach, or another method. But the pattern is consistent with how UNC1069 has operated historically.
How the Attack Was Built — The Hidden Dependency Trick
Once inside Saayman's account, the attackers did not put the payload in Axios's own source. That would be too obvious, since researchers diff new releases of popular packages constantly. Instead, they used a subtler technique, a phantom dependency: Axios itself stayed clean-looking, and the payload arrived one hop away in a brand-new package that the poisoned releases pulled in.
Here is how it worked, step by step.
Step 1 — Create a fake legitimate-looking package
The day before the attack, someone published a package called plain-crypto-js to NPM. It was designed to look like a legitimate cryptography library. It even had a clean version (4.2.0) published first — to establish a history and avoid suspicion.
Step 2 — Add the weapon inside the new version
Hours later, version 4.2.1 of plain-crypto-js was published, this time with a hidden payload. Its package manifest declared a postinstall hook. npm runs a package's preinstall, install and postinstall scripts automatically as part of installing it, and it does so for transitive dependencies too, not only for the package you asked for. Nothing prompts you and nothing is shown; unless install scripts are disabled (npm's ignore-scripts setting), the script simply runs.
Step 3 — Inject the fake package into Axios
Using Saayman's compromised account, the attackers published two new versions of Axios (1.14.1 and 0.30.4) that listed plain-crypto-js as a dependency. A dependency is simply a package that another package needs to work. Axios legitimately has three dependencies. The attackers quietly added a fourth.
Step 4 — Every install triggers the weapon
Any install that resolved to those versions pulled in the planted package. That covers npm install axios in a new project, and any existing project whose dependency range (for example ^1.14.0) allowed the patch bump and whose lockfile did not hold it at 1.14.0; a project installed with npm ci against a committed lockfile would have kept its old version. As soon as the dependency tree was written to node_modules, the postinstall hook of plain-crypto-js fired silently in the background, downloading and executing the WAVESHAPER.V2 backdoor on the developer's machine.
The developer saw nothing. No warning. No error. Just a successful install.
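The resolution step is what made the planted dependency effective, and it can be replayed offline. The Node script below is an added example, not Axios or npm project code: it resolves caret ranges the way npm does against a constructed registry snapshot (REGISTRY), then walks the resulting tree and lists the install-time scripts npm would run. The version numbers, the plain-crypto-js name and the 00:21 to 03:20 UTC window come from this article; the dependency ranges, publish timestamps and the node setup.js postinstall command are assumptions. For the same ^1.14.0 range it shows 1.14.0 before the window, 1.14.1 plus plain-crypto-js and its postinstall during it, and 1.14.0 again after the removal, and it shows how an exact pin or ignore-scripts changes the outcome.

```javascript
// Added example, not Axios or npm project code. Replays how `npm install` resolves a
// caret range against a registry snapshot and which lifecycle scripts the resulting
// tree would run. REGISTRY is CONSTRUCTED: version numbers, the plain-crypto-js name
// and the 00:21-03:20 UTC window follow the article; dependency ranges, timestamps
// and the postinstall command are assumed.
const parseVersion = (v) => v.split('.').map(Number);

function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Caret ranges: ^1.14.0 allows >=1.14.0 <2.0.0, ^0.30.3 allows >=0.30.3 <0.31.0
// (the leftmost non-zero component is frozen). Anything else is treated as an exact pin.
function satisfies(range, version) {
  if (!range.startsWith('^')) return range === version;
  const base = parseVersion(range.slice(1));
  const v = parseVersion(version);
  if (compareVersions(version, range.slice(1)) < 0) return false;
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

const AXIOS_DEPS = { 'follow-redirects': '^1.15.6', 'form-data': '^4.0.0', 'proxy-from-env': '^1.1.0' };
const REGISTRY = {
  axios: {
    '1.14.0': { published: '2026-03-01T00:00:00Z', dependencies: AXIOS_DEPS },
    '0.30.3': { published: '2026-03-01T00:00:00Z', dependencies: AXIOS_DEPS },
    // The two poisoned releases: the same three real dependencies plus the planted fourth.
    '1.14.1': { published: '2026-03-31T00:21:00Z', removed: '2026-03-31T03:20:00Z',
                dependencies: { ...AXIOS_DEPS, 'plain-crypto-js': '^4.2.1' } },
    '0.30.4': { published: '2026-03-31T00:21:00Z', removed: '2026-03-31T03:20:00Z',
                dependencies: { ...AXIOS_DEPS, 'plain-crypto-js': '^4.2.1' } },
  },
  'plain-crypto-js': {
    '4.2.0': { published: '2026-03-30T10:00:00Z' },                                       // clean decoy
    '4.2.1': { published: '2026-03-30T16:00:00Z', scripts: { postinstall: 'node setup.js' } }, // payload
  },
  'follow-redirects': { '1.15.6': { published: '2025-01-01T00:00:00Z' } },
  'form-data': { '4.0.0': { published: '2025-01-01T00:00:00Z' } },
  'proxy-from-env': { '1.1.0': { published: '2025-01-01T00:00:00Z' } },
};

// Highest version satisfying `range` that was published, and not yet removed, at time `at`.
function resolve(name, range, registry, at) {
  const t = Date.parse(at);
  const ok = Object.entries(registry[name] || {})
    .filter(([v, m]) => satisfies(range, v) && Date.parse(m.published) <= t
                        && !(m.removed && Date.parse(m.removed) <= t))
    .map(([v]) => v)
    .sort(compareVersions);
  if (ok.length === 0) throw new Error(`no version of ${name} satisfies ${range} at ${at}`);
  return ok[ok.length - 1];
}

// Walks the dependency graph the way a fresh install (no lockfile) would, recording the
// resolved versions and the install-time scripts npm would execute. Simplification: a flat
// tree where the first resolution of a name wins; the real resolver nests conflicting versions.
function planInstall({ deps, at, registry = REGISTRY, ignoreScripts = false }) {
  const packages = {};
  const lifecycle = [];
  const queue = Object.entries(deps);
  while (queue.length) {
    const [name, range] = queue.shift();
    if (packages[name]) continue;
    const version = resolve(name, range, registry, at);
    packages[name] = version;
    const meta = registry[name][version];
    queue.push(...Object.entries(meta.dependencies || {}));
    for (const hook of ['preinstall', 'install', 'postinstall']) {
      if (!ignoreScripts && meta.scripts && meta.scripts[hook]) {
        lifecycle.push({ package: `${name}@${version}`, hook, command: meta.scripts[hook] });
      }
    }
  }
  return { packages, lifecycle };
}

// Same range, three moments: before the window, during it, after the removal.
function timeline(range = '^1.14.0') {
  const out = {};
  for (const at of ['2026-03-30T23:00:00Z', '2026-03-31T02:00:00Z', '2026-03-31T04:00:00Z']) {
    const { packages, lifecycle } = planInstall({ deps: { axios: range }, at });
    out[at] = { axios: packages.axios, planted: packages['plain-crypto-js'] || null,
                scripts: lifecycle.map((s) => `${s.package} ${s.hook}: ${s.command}`) };
  }
  return out;
}

console.log(JSON.stringify(timeline(), null, 2));
```

The two knobs worth noticing are the exact pin and ignoreScripts: with axios pinned to 1.14.0 the planted package never enters the tree, and with install scripts disabled it still lands on disk but its postinstall is never queued, which is why a lockfile check is still needed on hosts that run with ignore-scripts.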
What WAVESHAPER.V2 Does Once Installed
WAVESHAPER.V2 is a Remote Access Trojan — a RAT. A RAT is exactly what it sounds like: software that gives someone else remote control of your computer. Think of it as leaving a spare key under the doormat for attackers, except the key also lets them read every file, watch your screen, run commands, and steal credentials — silently, indefinitely, until they are ready to use what they have found.
It works on all three major platforms — Windows, macOS, and Linux — with tailored versions for each. Every 60 seconds it calls home to the attackers' server at sfrclak[.]com, checking for instructions. The commands it supports include running arbitrary scripts, injecting code into other processes, and downloading additional malware.
After installing, the dropper quietly removes itself and replaces the malicious plain-crypto-js package configuration with a clean-looking version — covering its tracks so a manual inspection of installed packages would find nothing suspicious.
Why North Korea — And Why Axios
Google's Threat Intelligence Group attributed this attack to UNC1069, a North Korea-linked group that has been active since at least 2018. Their primary motivation historically has been financial — cryptocurrency theft and access to financial infrastructure.
John Hultquist, chief analyst at Google GTIG, stated: "North Korean hackers have deep experience with supply chain attacks, which they've historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts."
Axios is present in the development environment of almost every JavaScript project. A developer whose machine had the backdoor installed could expose AWS credentials, API keys, database passwords, cryptocurrency wallet keys, and access to every cloud service they were logged into.
This attack also connects directly to the wider supply chain crisis of March 2026. Mandiant CTO Charles Carmakal noted that secrets stolen across recent supply chain attacks "will enable more software supply chain attacks, SaaS compromises, ransomware, and crypto heists over the next several days, weeks, and months."
→ 75 Versions of Trivy Were Poisoned — TeamPCP's Supply Chain Campaign Explained
→ LiteLLM Attack: When a Trusted Update Turns Malicious
Indicators of Compromise (IOCs)
```bash
# Axios NPM Supply Chain Attack — Detection and Remediation

# Step 1 — Check every installed copy of Axios (nested copies included)
npm ls axios
grep -n -A1 '"node_modules/axios"' package-lock.json
# Poisoned versions: 1.14.1 and 0.30.4
# Safe versions: 1.14.0 and 0.30.3

# Step 2 — Check for the malicious dependency, on disk and in the lockfile
find . -type d -name plain-crypto-js -path '*/node_modules/*'
grep -n 'plain-crypto-js' package-lock.json
# If found anywhere: remove it and treat the machine as compromised

# Step 3 — Check for RAT artifacts on your machine
# macOS:
ls /Library/Caches/com.apple.act.mond
# Windows (cmd.exe):
dir %PROGRAMDATA%\wt.exe
# Linux:
ls /tmp/ld.py
# If any exist: assume full compromise and rotate all credentials

# Step 4 — Move back to a safe version and pin it
npm install axios@1.14.0        # 1.x line
npm install axios@0.30.3        # 0.x line
# Pin the exact version in package.json (no ^ or ~) and commit the lockfile
# so future installs cannot drift onto an unexpected release

# Step 5 — Block the C2 domain at the egress firewall and DNS resolver
# sfrclak[.]com (attacker command-and-control server)

# Step 6 — Audit CI/CD pipelines
# Check build logs for any npm install runs between
# March 31, 2026 00:21 UTC and 03:20 UTC
# Any pipeline run during that window may have installed the backdoor
```
SOC Alert Priorities
Priority 1 — Run npm ls axios (npm list is the same command) across every environment today: developer laptops, CI/CD build servers, Docker images built since March 31, staging, production. Check package-lock.json as well as node_modules, since the lockfile keeps the install-time record. Any copy at 1.14.1 or 0.30.4 means the malicious dependency was installed and, unless install scripts were disabled on that host, the backdoor ran. Treat that machine as fully compromised and rotate every credential on it.
Priority 2 — Check build logs for the 3-hour window. The malicious versions were live from 00:21 to 03:20 UTC on March 31. Any automated build that ran npm install during that window may have pulled the backdoored version. Check build logs for this specific window even if the installed version now shows clean — the RAT cleans up after itself.
Priority 3 — Search for plain-crypto-js in all environments. This package should not exist anywhere in legitimate codebases. Its presence is unambiguous evidence of the attack. Run a search across all node_modules directories in your infrastructure.
Priority 4 — Block sfrclak[.]com at your firewall immediately. Any outbound connection to this domain from a developer machine or server confirms active RAT communication. Investigate any machine showing this traffic as a priority incident.
Priority 5 — Enable two-factor authentication on all NPM maintainer accounts. This entire attack rested on control of one maintainer account. If your team publishes NPM packages, enable 2FA on every maintainer account today, and replace long-lived publish tokens sitting in CI with tokens that expire and carry the narrowest scope npm offers. npm already requires 2FA for maintainers of its most popular packages; enforce it everywhere regardless.
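Priority 4 above and the 60-second check-in described for WAVESHAPER.V2 suggest two complementary detections: an exact match on the known C2 domain, and a periodicity check that also surfaces domains not yet on any blocklist. The Node script below is an added example, not from the article's sources. LOG_LINES is a constructed proxy log in a simplified format, and every host name and domain in it other than sfrclak.com is an assumption.

```javascript
// Added example, not from the article's sources. Two detections over outbound proxy
// records: (1) any host talking to the known C2 domain, (2) host/domain pairs whose
// connections recur at a near-constant interval, like the 60-second check-in this
// article attributes to WAVESHAPER.V2. LOG_LINES is CONSTRUCTED in a simplified
// "timestamp host domain port action" shape; names other than sfrclak.com are assumed.
const C2_DOMAINS = new Set(['sfrclak[.]com'].map((d) => d.replace('[.]', '.')));   // refang IOCs

const LOG_LINES = `
2026-03-31T08:00:00Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:00:05Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T08:00:08Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T08:00:09Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T08:01:02Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:02:00Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:03:01Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:03:59Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:05:00Z dev-laptop-17 sfrclak.com 443 CONNECT
2026-03-31T08:07:35Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T08:10:00Z dev-laptop-17 github.com 443 CONNECT
2026-03-31T08:31:00Z dev-laptop-17 github.com 443 CONNECT
2026-03-31T08:42:15Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T09:00:00Z dev-laptop-22 cdn.unknown-example.net 443 CONNECT
2026-03-31T09:05:00Z dev-laptop-22 cdn.unknown-example.net 443 CONNECT
2026-03-31T09:10:00Z dev-laptop-22 cdn.unknown-example.net 443 CONNECT
2026-03-31T09:15:00Z dev-laptop-22 cdn.unknown-example.net 443 CONNECT
2026-03-31T09:15:05Z build-agent-03 registry.npmjs.org 443 CONNECT
2026-03-31T09:20:00Z dev-laptop-22 cdn.unknown-example.net 443 CONNECT
`;

function parseLog(text) {
  return text.split('\n').map((l) => l.trim()).filter(Boolean).map((line) => {
    const [ts, host, domain, port, action] = line.split(/\s+/);
    return { t: Date.parse(ts) / 1000, host, domain, port: Number(port), action };   // t in seconds
  });
}

function median(xs) {
  const s = [...xs].sort((a, b) => a - b), m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Groups events by host->domain. A pair beacons when it has at least minEvents
// connections and the mean absolute deviation of its inter-arrival times is within
// maxJitter of the median interval. No fixed period is assumed, so a C2 domain that
// is not on the blocklist yet is still surfaced.
function analyze(text, { minEvents = 5, maxJitter = 0.2 } = {}) {
  const groups = new Map();
  for (const ev of parseLog(text)) {
    const key = `${ev.host} ${ev.domain}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(ev.t);
  }
  const iocHits = [];
  const beacons = [];
  for (const [key, times] of groups) {
    const [host, domain] = key.split(' ');
    if (C2_DOMAINS.has(domain)) iocHits.push({ host, domain, count: times.length });
    if (times.length < minEvents) continue;
    const sorted = [...times].sort((a, b) => a - b);
    const deltas = sorted.slice(1).map((t, i) => t - sorted[i]);
    const period = median(deltas);
    if (period <= 0) continue;   // duplicate timestamps, not a beacon pattern
    const jitter = deltas.reduce((acc, d) => acc + Math.abs(d - period), 0) / deltas.length / period;
    if (jitter <= maxJitter) beacons.push({ host, domain, count: times.length, period, jitter: Number(jitter.toFixed(3)) });
  }
  return { iocHits, beacons };
}

console.log(JSON.stringify(analyze(LOG_LINES), null, 2));
```

On the constructed log, dev-laptop-17 is reported twice: once as an IOC hit and once as a beacon with a 61-second median interval, while dev-laptop-22's regular five-minute pulls to an unknown CDN surface only through the periodicity check and the build agent's bursty registry traffic is ignored. The 20% jitter tolerance is a starting point; a production version would run over hours of logs and suppress known-periodic sources such as package registries, update checkers and monitoring agents.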
The ZyberWalls Perspective
Two independent supply chain attack campaigns — TeamPCP and now UNC1069 — ran simultaneously in March 2026. Both targeted software that developers install automatically, trust completely, and never think about. Both leveraged the same fundamental weakness: the entire security of a package used by millions rests on the personal account security of one or two individual maintainers.
The open source software ecosystem is built on trust. Most of the packages that power the internet are maintained by small teams or even single individuals in their spare time. There is no security team watching their accounts. There is no corporate IT department enforcing two-factor authentication. Just a person, a password, and a package downloaded 100 million times a week.
One compromised account. One hidden dependency. Three hours. Potentially millions of infected machines.
That is not a software vulnerability. That is a structural problem with how the entire software supply chain works — and it is being exploited, systematically, right now.
Stay Alert. Stay Human. Stay Safe. — ZyberWalls Research Team
