Code Mala Tang

Mar 31, 2026 · Information Security

How Malicious Axios Versions Hijacked NPM: A Deep Supply‑Chain Attack Analysis

StepSecurity uncovered a sophisticated supply‑chain attack on the popular Axios HTTP client where compromised maintainer credentials were used to publish malicious versions that injected a hidden postinstall RAT, evaded detection, and executed platform‑specific payloads before self‑destructing, prompting detailed forensic and remediation guidance.