Inside the Axios supply chain compromise - one RAT to rule them all

April 1, 2026, 7:28 p.m.

Description

Elastic Security Labs identified a supply chain compromise of the axios npm package, one of the most depended-upon packages in the JavaScript ecosystem with approximately 100 million weekly downloads. The attacker compromised a maintainer account and published backdoored versions that delivered a cross-platform Remote Access Trojan to macOS, Windows, and Linux systems through a malicious postinstall hook.

Date

  • Created: April 1, 2026, 1:22 p.m.
  • Published: April 1, 2026, 1:22 p.m.
  • Modified: April 1, 2026, 7:28 p.m.

Indicators

  • 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101
  • 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a
  • fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf

Attack Patterns

Additional Information

  • sfrclak.com