root@rebel:~$ cd /news/threats/axios-supply-chain-attack-rat-found-in-versions-1-14-1-and-0-30-4_
[TIMESTAMP: 2026-03-31 08:29 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: CRITICAL]

Axios Supply Chain Attack: RAT Found in Versions 1.14.1 and 0.30.4

AI-Assisted Analysis
READ_TIME: 3 min read
// executive briefing tl;dr
  • [01] Immediate impact: The compromised Axios releases pull in a Remote Access Trojan whose install-time script runs with the privileges of whoever ran the install, giving attackers remote control of production build hosts, containers and developer workstations.
  • [02] Affected systems: Any JavaScript project that resolved Axios 1.14.1 or 0.30.4. Those two versions declare plain-crypto-js 4.2.1 as a dependency, so npm fetches it and runs its install script without any action from the developer.
  • [03] Remediation: Audit every lockfile, node_modules tree and CI cache for plain-crypto-js, pin Axios to a known-good release that predates the malicious publications (for example 1.7.0, or the last clean release on the line you already use), rebuild from a clean environment, and rotate any secrets the affected hosts could reach.

A high-impact supply chain attack has been identified against the popular JavaScript HTTP client library Axios. Two malicious versions of the package were published to the npm registry: 1.14.1 on the 1.x line and 0.30.4 on the legacy 0.x line. According to The Hacker News, both were published using the compromised credentials of a primary Axios maintainer. Because the code never went through the project's repository or pull-request review, the attackers were able to place malicious code directly into the distribution channel that every downstream install draws from.

The core of the threat is a newly added dependency, plain-crypto-js version 4.2.1. The name mimics legitimate cryptography libraries such as crypto-js, but the package is a cross-platform Remote Access Trojan (RAT). It executes through an npm install-time lifecycle script, so merely installing the compromised Axios version is enough to run the payload and hand the threat actor persistent access to the host.

Analysis of the Axios npm Supply Chain Attack

The attack relies on the implicit trust developers place in highly popular packages. Axios sees millions of weekly downloads, much of it from automated CI/CD pipelines that resolve dependencies without a human looking at the result. Any project whose package.json allows the malicious version through its semver range (for example ^1.14.0 or ^0.30.0) picks it up the next time dependencies are re-resolved, whether by a manual npm update, an npm install with no lockfile, or an automated build. The primary IoCs are therefore Axios 1.14.1 or 0.30.4 in a lockfile, and the presence of plain-crypto-js anywhere in node_modules or package-lock.json.

How to detect Axios npm exploit and malicious dependencies

Security teams should focus on identifying packages that deviate from a known-good baseline of the dependency tree. On the network side, SOC analysts should watch for outbound connections to unfamiliar infrastructure originating from Node.js or npm processes, especially from CI runners and build containers, which rarely have a legitimate reason to reach arbitrary hosts. On the host side, verify the integrity of the dependency tree directly: npm audit and yarn audit only report what the advisory database already knows, so they will not flag the malicious versions until an advisory is published. Inspecting lockfiles for the exact version strings 1.14.1 and 0.30.4, and for any occurrence of plain-crypto-js, is the reliable check in the meantime.

Technical Deep Dive: The plain-crypto-js Payload

The payload delivered via plain-crypto-js is a RAT capable of operating across Windows, Linux and macOS. Once the compromised Axios version seeds the dependency, an npm lifecycle script runs at install time with the permissions of the installing user. That script achieves remote code execution by establishing a reverse shell or by fetching additional stages from attacker-controlled servers; a single npm install is the entire trigger.

In terms of MITRE ATT&CK techniques, this campaign maps to T1195.001 (Supply Chain Compromise: Compromise Software Dependencies and Development Tools). The attackers’ ability to publish directly to the official registry demonstrates a significant failure in credential management or MFA implementation for the affected maintainer account. The cross-platform nature of the RAT suggests the adversary intended to target a broad range of victims, including cloud-based backend services and local development machines.

Recommendations for Axios 1.14.1 malicious dependency remediation

Immediate action is required for any organization utilizing Axios in their software stack. Defenders should prioritize the following steps:

  • Audit Dependencies: Run npm ls axios --all and npm ls plain-crypto-js --all in every project to list every copy in the tree, including nested ones. Search lockfiles, Docker image layers and CI dependency caches as well, because the install script ran wherever the package was installed, not only on developer laptops.
  • Pin, Do Not Discard the Lockfile: Pin Axios in package.json to a known-safe version (such as 1.7.0) and refresh the lockfile entry with npm install axios@<version>. Do not delete the lockfile and rebuild from scratch: an unconstrained resolve picks the newest version each semver range allows, which is exactly how the malicious versions were pulled in. Use npm ci in CI so the lockfile is authoritative, and confirm afterwards that plain-crypto-js is absent from it.
  • Registry Monitoring: Route installs through a private npm proxy or registry that supports allow-listing specific package versions, so newly published versions are quarantined until reviewed instead of being ingested automatically.
  • Disable and Log Install Scripts: Set ignore-scripts=true in .npmrc on build agents and developer machines so lifecycle scripts do not run by default, and configure your SIEM to alert on process execution spawned by the npm CLI. Install-time scripts are a frequent initial-access vector in supply chain compromises.
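To make the lockfile audit concrete, the following Node.js script is an added example, not code from the original article or from the Axios project. It parses a package-lock.json, handles both the nested lockfileVersion 1 layout and the flat packages map of versions 2 and 3, and reports the two Axios versions named above plus any occurrence of plain-crypto-js. The version sets come from the article; the embedded sample lockfile is constructed for demonstration and is not from a real project.

```javascript
// Added example (not from the original article or the Axios project): scan an
// npm lockfile for the two compromised Axios releases and for the
// plain-crypto-js dependency they introduce. Supports lockfileVersion 1
// (nested "dependencies" tree) and 2/3 (flat "packages" map keyed by path).

// Versions the article identifies as malicious.
const COMPROMISED = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// plain-crypto-js has no legitimate reason to be in a dependency tree here,
// so every version of it is reported, not only 4.2.1.
const ALWAYS_FLAG = new Set(["plain-crypto-js"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

function isSuspicious(name, version) {
  const bad = COMPROMISED[name];
  return ALWAYS_FLAG.has(name) || (bad !== undefined && bad.has(version));
}

// Returns [{ name, version, where }] for every suspicious entry in the lockfile.
function scanLockfile(lock) {
  const findings = [];
  if (lock.packages) {
    // lockfileVersion 2/3: every installed package keyed by its on-disk path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      const name = nameFromPath(path);
      if (isSuspicious(name, meta.version)) {
        findings.push({ name, version: meta.version, where: path });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested tree. (v2 carries both shapes; "packages"
    // already covers every entry, so the tree is only walked when it is absent.)
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const where = `${prefix}node_modules/${name}`;
        if (isSuspicious(name, meta.version)) {
          findings.push({ name, version: meta.version, where });
        }
        if (meta.dependencies) walk(meta.dependencies, `${where}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}

// Convenience wrapper for a real project: scanFile("./package-lock.json").
function scanFile(lockPath) {
  const fs = require("node:fs"); // loaded lazily; the sample run below needs no I/O
  return scanLockfile(JSON.parse(fs.readFileSync(lockPath, "utf8")));
}

// Constructed sample lockfile (v3 shape), not captured from a real project.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": {
      version: "1.14.1",
      dependencies: { "plain-crypto-js": "4.2.1", "follow-redirects": "^1.15.6" },
    },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) {
  console.log(`SUSPICIOUS ${f.name}@${f.version} at ${f.where}`);
}
```

Run it against each repository's package-lock.json (and against lockfiles recovered from CI caches and container images) with scanFile; a non-empty result means the host that performed that install should be treated as compromised. The script deliberately matches exact version strings rather than semver ranges, because the question is whether a malicious artifact was resolved, not whether a range would permit it.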

Organizations should also rotate every secret that was reachable from an environment where the malicious version was installed: cloud credentials such as AWS keys, database passwords, npm and Git tokens, and anything exposed through environment variables or CI secret stores. Assume the RAT harvested these immediately on execution, since that is the first thing such payloads do, and treat the affected build agents and workstations as compromised until they are rebuilt from a clean image.
