North Korean threat actors compromised the Axios npm package on March 30, 2026, injecting a cross-platform remote access trojan (RAT) into a JavaScript library with roughly 100 million weekly downloads, Google Threat Intelligence Group (GTIG) said Tuesday.
GTIG attributed the attack to UNC1069, a financially motivated group Mandiant has tracked since at least 2018. The group had previously used AI-generated deepfake videos and fabricated meeting invitations to target executives at cryptocurrency and decentralized finance firms.
Google Threat Intelligence Group is tracking an active supply chain attack 🔎
North Korea-nexus actor UNC1069 compromised the “axios” NPM package (v1.14.1 & 0.30.4), deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
Learn more: https://t.co/pII35aPpRA pic.twitter.com/pFGWWOpacU
— Mandiant (part of Google Cloud) (@Mandiant) April 1, 2026
The Axios compromise marks a departure from that playbook. Rather than hunting individuals at specific companies, UNC1069 embedded malicious code into shared build infrastructure used across the global developer ecosystem.
Attackers gained access to the npm account of a lead Axios maintainer and published two malicious versions, [email protected] and [email protected]. Both versions silently pulled in a newly created dependency, [email protected], which automated malware detection systems confirmed as the payload carrier.
The compromised releases bypassed the project’s standard deployment pipeline. Axios version 1.14.0 remained the most recent tag visible on GitHub, while the poisoned versions were pushed directly to the npm registry without corresponding repository tags.
The malicious dependency was published to npm at 23:59:12 UTC on March 30. Socket’s automated detection flagged the package at 00:05:41 UTC on March 31, and npm removed both compromised versions by 03:29 UTC, a window of roughly three hours.
Wiz estimates Axios is present in approximately 80% of cloud and code environments. The firm observed the malicious versions in about 3% of the environments it scanned.
“The incident could have far-reaching impacts,” GTIG chief analyst John Hultquist said.
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily)… https://t.co/9DOVWH5KK1
— Andrej Karpathy (@karpathy) March 31, 2026
The RAT dropper cleans up after execution. Post-infection inspection of the installed package directory shows no postinstall script or setup.js file, making npm audit and manual review unreliable detection methods.
Confirmed indicators of compromise include the domain sfrclak[.]com and the IP address 142.11.206.73. Developers whose environments pulled the affected versions should treat those systems as fully compromised and immediately rotate all credentials, deploy keys, and API tokens.
How attackers obtained the maintainer’s credentials has not been confirmed. GTIG noted the incident is separate from another npm supply chain attack disclosed the prior week.