Key Takeaway
Axios npm versions 1.14.1 and 0.30.4 were tampered to inject the malicious package plain-crypto-js 4.2.1, delivering a cross-platform trojan affecting Windows, macOS, and Linux. The malware targets developer credentials, cloud tokens, and SSH keys stored on infected hosts and establishes persistence via OS-native mechanisms. Organizations should audit installed Axios versions, remove plain-crypto-js, rotate all secrets from exposed environments, and rebuild affected CI/CD runners from clean images.
Malware Family and Delivery Mechanism
A supply chain attack targeting the widely used Axios HTTP client npm package has introduced a trojan capable of running on Windows, macOS, and Linux. The malicious code was embedded in two tampered Axios releases — versions 1.14.1 and 0.30.4 — published to the npm registry. Both versions inject a rogue package called plain-crypto-js version 4.2.1 as a dependency, which serves as the primary delivery vehicle for the payload.
Axios is one of the most downloaded packages in the npm ecosystem, with weekly download counts in the tens of millions. Any project that updated to either compromised version while it was available on the registry pulled down plain-crypto-js automatically during dependency resolution; no user interaction beyond a standard npm install was required.
StepSecurity identified the malicious dependency and flagged both releases. The technique is package hijacking rather than dependency confusion: no namespace collision between a private and a public package is involved. A legitimate, trusted package was republished with a declared dependency on a malicious package whose name masquerades as a known cryptography library, so the trust users place in Axios carried the payload onto their machines.
Capabilities: Persistence, Exfiltration, and C2
Persistence
The trojan delivered via plain-crypto-js establishes persistence on all three target operating systems using platform-native mechanisms. On Windows, it writes entries to the registry run keys (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) and may drop scheduled tasks. On Linux and macOS, it targets cron jobs and LaunchAgents respectively, ensuring execution survives reboots without requiring elevated privileges at the initial infection stage.
Data Exfiltration
Once resident, the malware collects environment variables, system metadata, and credential-adjacent data from the infected host. Given its deployment context — developer machines and CI/CD pipeline runners — the highest-value targets are source code repositories, cloud provider credentials (AWS, GCP, Azure), API tokens stored in .env files, and SSH private keys. The malware reads common credential storage locations across all three platforms and stages collected data for transmission.
Command and Control
The payload communicates with a remote C2 endpoint over HTTPS to blend with legitimate traffic. Beacon intervals and C2 infrastructure details are embedded within the plain-crypto-js package itself. At time of publication, the specific C2 domains and IP addresses are under analysis, with threat intelligence feeds from StepSecurity being the primary source tracking live infrastructure.
Affected Platforms
- Windows (all versions supporting Node.js runtime)
- macOS (all versions supporting Node.js runtime)
- Linux (all distributions supporting Node.js runtime)
Any environment running Node.js that installed Axios 1.14.1 or 0.30.4 is potentially compromised. This includes developer workstations, CI/CD systems (GitHub Actions runners, Jenkins agents, GitLab CI), containerized build environments, and production Node.js applications that perform dependency installation at runtime.
Organizations using dependency lockfiles (package-lock.json or yarn.lock) that were generated or updated after the malicious versions were published are at risk if those lockfiles pinned either compromised release. A lockfile that still pins a clean release protects an install only when the install honors it: npm ci fails if the lockfile and package.json disagree, whereas an install without a lockfile, or with a lockfile regenerated by npm update, resolves the newest release matching the declared range.
Immediate Remediation Steps
1. Audit installed versions.
Run npm list axios (npm ls axios) across all affected repositories and pipelines. The output includes copies nested under other packages, so a compromised release pulled in transitively by another dependency is shown as well. Flag any environment reporting version 1.14.1 or 0.30.4.
2. Check for plain-crypto-js.
Run npm list plain-crypto-js to detect whether the malicious package was installed. Presence of version 4.2.1 confirms exposure.
3. Downgrade or upgrade Axios.
Revert to Axios 1.7.9 (the last confirmed clean stable release in the 1.x line) or wait for an official patched release from the Axios maintainers. Confirm the result with npm audit once an advisory for the malicious versions has been published, and inspect package.json and lockfile diffs for unexpected version bumps or an added plain-crypto-js entry; npm audit only reports advisories the registry already knows about and does not verify package contents on its own.
4. Rotate all secrets. Any host that ran the compromised package should be treated as fully compromised. Rotate AWS IAM keys, GCP service account credentials, GitHub tokens, SSH keys, and any other secrets accessible from that environment.
5. Rebuild affected containers and runners. Do not attempt to clean infected CI/CD runners in place. Tear down and provision fresh instances from a known-good base image.
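The audit in steps 1 and 2 runs npm ls against an installed tree. For a CI runner that has already been torn down, or a repository that is not checked out and installed, the committed lockfile is the evidence that remains. The following script is added here as an example and is not part of the advisory or of the Axios project: it checks a package-lock.json (lockfileVersion 1, 2 or 3) and a yarn.lock (v1 text format) for the two tampered Axios versions and for plain-crypto-js 4.2.1, including copies nested under other dependencies. The sample lockfiles are constructed for the demonstration; the version numbers are the ones named above.

```javascript
// Added example (not from the advisory or the Axios project): scan dependency
// lockfiles for the tampered Axios releases and the rogue plain-crypto-js
// package, including copies nested under other dependencies. The version
// numbers are those named in the advisory; the sample lockfiles are constructed.

const COMPROMISED = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': new Set(['4.2.1']),
};

function isCompromised(name, version) {
  const bad = COMPROMISED[name];
  return Boolean(bad && bad.has(version));
}

// package-lock.json (lockfileVersion 2/3) keys "packages" by install path, e.g.
// "node_modules/a/node_modules/b"; the package name follows the last "node_modules/".
function nameFromPath(pkgPath) {
  const marker = 'node_modules/';
  const i = pkgPath.lastIndexOf(marker);
  return i === -1 ? null : pkgPath.slice(i + marker.length);
}

// lockfileVersion 1 instead nests a "dependencies" tree; walk it recursively.
function* walkV1(deps, trail = []) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    yield { name, version: info.version, where: path.join(' > ') };
    yield* walkV1(info.dependencies, path);
  }
}

function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [pkgPath, info] of Object.entries(lock.packages)) {
      const name = nameFromPath(pkgPath);
      if (name && isCompromised(name, info.version)) {
        hits.push({ name, version: info.version, where: pkgPath });
      }
    }
  } else {
    for (const entry of walkV1(lock.dependencies)) {
      if (isCompromised(entry.name, entry.version)) hits.push(entry);
    }
  }
  return hits;
}

// yarn.lock (v1 format) is not JSON: each block starts with one or more
// "name@range" specifiers ending in ":" and contains an indented `version "x"` line.
function findCompromisedYarn(text) {
  const hits = [];
  for (const block of text.split(/\r?\n\s*\r?\n/)) {
    const lines = block.split(/\r?\n/).filter((l) => l.trim() && !l.trimStart().startsWith('#'));
    if (lines.length === 0) continue;
    const versionLine = lines.find((l) => /^\s+version\s+"[^"]+"/.test(l));
    if (!versionLine) continue;
    const version = versionLine.match(/"([^"]+)"/)[1];
    const names = new Set();
    for (const spec of lines[0].replace(/:\s*$/, '').split(',')) {
      const clean = spec.trim().replace(/^"|"$/g, '');
      // Split at the last "@" so scoped names like "@scope/pkg@^1.0.0" survive.
      names.add(clean.slice(0, clean.lastIndexOf('@')));
    }
    for (const name of names) {
      if (isCompromised(name, version)) hits.push({ name, version, where: lines[0].trim() });
    }
  }
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const SAMPLE_PACKAGE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1' },
    'node_modules/follow-redirects': { version: '1.15.9' },
  },
};

const SAMPLE_YARN_LOCK = [
  '# yarn lockfile v1',
  '',
  'axios@^1.14.0:',
  '  version "1.14.1"',
  '  dependencies:',
  '    plain-crypto-js "4.2.1"',
  '',
  'plain-crypto-js@4.2.1:',
  '  version "4.2.1"',
  '',
  'follow-redirects@^1.15.0:',
  '  version "1.15.9"',
  '',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findCompromised(SAMPLE_PACKAGE_LOCK));
  console.log(findCompromisedYarn(SAMPLE_YARN_LOCK));
}
```

To run it against real repositories, replace the constructed samples with JSON.parse of the checked-in package-lock.json and the text of yarn.lock; a non-empty result for either file means the repository pinned a compromised release and every environment that installed from that lockfile falls under steps 4 and 5.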
Detection Signatures
File-based indicators:
- Presence of node_modules/plain-crypto-js/ in any project directory
- plain-crypto-js version 4.2.1 in package-lock.json or yarn.lock
YARA rule (conceptual; the bare version string "4.2.1" is common, so the regex ties it to the package name in a manifest or lockfile and the loose pair is kept only as a fallback):
rule axios_supply_chain_plain_crypto_js {
    meta:
        description = "Manifest or lockfile referencing the rogue plain-crypto-js 4.2.1 dependency"
    strings:
        // package.json / package-lock.json form: "plain-crypto-js": "4.2.1"
        $dep = /"plain-crypto-js"\s*:\s*"[~^]?4\.2\.1"/ ascii
        // fallback for yarn.lock and other layouts
        $pkg = "plain-crypto-js" ascii
        $ver = "4.2.1" ascii
    condition:
        $dep or all of ($pkg, $ver)
}
npm audit:
Run npm audit --audit-level=high after updating your local advisory database. Advisories for plain-crypto-js@4.2.1 should surface once registries propagate the malicious package flag.
SIEM/EDR detections:
- Outbound HTTPS connections originating from Node.js processes to previously unseen external hosts
- Registry write events (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) initiated by node.exe
- New cron entries or LaunchAgent plist files created by user-space Node.js processes
- File read events targeting .env, ~/.aws/credentials, ~/.ssh/id_rsa from Node.js child processes
SOC teams should query EDR telemetry for the window between when the compromised packages were published and when they were removed from the registry, treating all matches as confirmed compromise requiring full incident response.
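The behavioural detections above, expressed as an added example that is not from the advisory: a small classification pass over normalized endpoint events that flags a Node.js process (or a child it spawned) writing the HKCU Run key, creating cron or LaunchAgent persistence, reading developer credential files, or connecting to a host not seen before. The event schema (type, process, parent, path, key, dest, firstSeen) and the sample telemetry are constructed for the demonstration; the firstSeen flag stands in for whatever first-seen baselining your EDR or SIEM provides.

```javascript
// Added example (not from the advisory): classify normalized endpoint events
// for the post-infection behaviours described above. The schema and the
// sample events are constructed; no vendor's real field names are implied.

const NODE_PROCS = new Set(['node', 'node.exe', 'npm', 'npx']);

// Credential files the advisory names, plus the GCP/Azure CLI config dirs.
const CREDENTIAL_PATHS = [
  /(^|[\\/])\.env$/i,
  /[\\/]\.aws[\\/]credentials$/i,
  /[\\/]\.ssh[\\/]id_(rsa|ed25519|ecdsa)$/i,
  /[\\/]\.config[\\/]gcloud[\\/]/i,
  /[\\/]\.azure[\\/]/i,
];

const RUN_KEY = /^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(\\|$)/i;
const CRON_PATHS = /(^|\/)(var\/spool\/cron|etc\/cron\.d|crontabs)(\/|$)/;
const LAUNCH_AGENT = /\/Library\/LaunchAgents\/[^/]+\.plist$/;

// The malware may act through a child (e.g. sh -c "crontab -"), so the parent
// process is checked as well as the acting process.
function isNodeLineage(ev) {
  return NODE_PROCS.has(ev.process) || (ev.parent !== undefined && NODE_PROCS.has(ev.parent));
}

function classify(ev) {
  if (!isNodeLineage(ev)) return null;
  switch (ev.type) {
    case 'registry_write':
      return RUN_KEY.test(ev.key) ? 'persistence.windows_run_key' : null;
    case 'file_create':
      if (LAUNCH_AGENT.test(ev.path)) return 'persistence.macos_launchagent';
      if (CRON_PATHS.test(ev.path)) return 'persistence.linux_cron';
      return null;
    case 'file_read':
      return CREDENTIAL_PATHS.some((re) => re.test(ev.path)) ? 'credential_access.file_read' : null;
    case 'network_connect':
      // firstSeen is assumed to come from upstream enrichment (host never seen before).
      return ev.firstSeen ? 'c2.unseen_external_host' : null;
    default:
      return null;
  }
}

function detect(events) {
  const alerts = [];
  for (const ev of events) {
    const rule = classify(ev);
    if (rule) alerts.push({ rule, host: ev.host, process: ev.process, detail: ev.key || ev.path || ev.dest });
  }
  return alerts;
}

// Constructed sample telemetry (not real logs). The last three are benign noise.
const SAMPLE_EVENTS = [
  { host: 'dev-win-01', type: 'registry_write', process: 'node.exe', key: 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater' },
  { host: 'ci-linux-07', type: 'file_create', process: 'sh', parent: 'node', path: '/var/spool/cron/crontabs/runner' },
  { host: 'dev-mac-03', type: 'file_create', process: 'node', path: '/Users/alice/Library/LaunchAgents/com.example.helper.plist' },
  { host: 'ci-linux-07', type: 'file_read', process: 'node', path: '/home/runner/.aws/credentials' },
  { host: 'ci-linux-07', type: 'file_read', process: 'node', path: '/home/runner/work/app/.env' },
  { host: 'dev-win-01', type: 'network_connect', process: 'node.exe', dest: '203.0.113.10:443', firstSeen: true },
  { host: 'dev-mac-03', type: 'file_read', process: 'node', path: '/Users/alice/work/app/package.json' },
  { host: 'dev-mac-03', type: 'file_create', process: 'Code Helper', path: '/Users/alice/Library/LaunchAgents/com.vscode.plist' },
  { host: 'ci-linux-07', type: 'network_connect', process: 'node', dest: 'registry.npmjs.org:443', firstSeen: false },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.table(detect(SAMPLE_EVENTS));
}
```

Any single rule here fires on legitimate developer activity now and then (a build tool really does read .env); the value is in correlation by host across the rule families, and a host that trips a persistence rule and a credential-access rule inside the exposure window is the "confirmed compromise" the paragraph above describes.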
Original Source
The Hacker News
Related Articles
Horabot Dropper Delivers Casbaneiro Banking Trojan to Latin American and European Targets in Brazilian eCrime Campaign
The Horabot dropper, attributed to Brazilian cybercrime group Augmented Marauder (also tracked as Water Saci by Trend Micro), delivers the Casbaneiro banking trojan to Spanish-speaking users across Latin America and Europe via targeted phishing campaigns. Casbaneiro performs credential harvesting through overlay attacks, clipboard hijacking, and keylogging, and abuses compromised Outlook accounts to self-propagate. SOC teams should implement scheduled task creation detections, block newly registered TLD outbound connections, and immediately rotate credentials on any confirmed infected host.
REF1695: Fake Installers Deliver RATs and Cryptominers in CPA Fraud Operation Active Since November 2023
REF1695 is a financially motivated campaign tracked by Elastic Security Labs that has deployed RATs and cryptocurrency miners via fake software installers since November 2023. The operation monetizes infections through both passive cryptomining and CPA fraud, redirecting victims to content locker pages disguised as software registration flows. Windows endpoints are the confirmed target, and Elastic has released EQL detection rules to support identification and response.
Automated Service Enables Persistent Information-Stealing Social Engineering Attacks
A new cybercrime service automates persistent social engineering attacks aimed at stealing sensitive information. Targeting primarily Windows and mobile platforms, the service uses phishing techniques combined with encrypted exfiltration and adaptive persistence. Detection relies on monitoring phishing indicators and network anomalies, while removal requires credential resets and endpoint remediation.
NoVoice Android Malware Exploits Known Vulnerabilities to Gain Root Access, Found in 50+ Google Play Apps
NoVoice is a newly discovered Android malware exploiting known privilege escalation vulnerabilities to gain root access. Distributed through over 50 malicious apps on Google Play with 2.3 million downloads, it collects user data and communicates with encrypted C2 servers. Detection requires monitoring root-level activity and network anomalies, while removal demands a factory reset and patching affected devices.