
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

stepsecurity.io

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross-platform RAT. We are actively investigating and will update this post with a full technical analysis.

1 page links to this URL
axios Got Hijacked and Your Machine May Be Compromised

A stolen npm token was all it took to poison axios, the package with 100 million weekly downloads, and drop a cross-platform RAT on every developer who ran npm install this morning.

Tags: npm security, supply chain attack, axios, RAT, malware, open source security, postinstall hook, credential theft, JavaScript security, npm audit