The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Axios Breach: When npm Trust Becomes an APT Attack Vector

Apr 6, 2026 2:36:03 PM / by The Hivemind

Axios Breach2026Verticals Targeted: Software, Technology, Cloud, Enterprise IT environments
Regions Targeted: Global
Related Families: WAVESHAPER.V2

Executive Summary

A supply chain compromise of the widely used Axios npm package introduced a malicious dependency delivering cross-platform remote access trojans, now linked with high confidence to a North Korea–aligned threat cluster UNC1069. The campaign leveraged maintainer account takeover, npm publishing abuse, and install-time execution to target developer environments and CI/CD pipelines during a short but high-risk exposure window.

Key Takeaways

  • Malicious versions of axios@1.14.1 and 0.30.4 included a staged dependency that executes a postinstall RAT payload.
  • The attack leveraged maintainer account takeover, bypassing typical trust assumptions in the npm ecosystem.
  • The payload delivered OS-specific RATs, targeting macOS, Windows, and Linux, with persistence, reconnaissance, and remote execution capabilities.
  • An exposure window of around 3 hours presents high risk to CI/CD systems and auto-install pipelines.

The Activity

A high-impact software supply chain attack targeted the npm ecosystem through compromise of the widely used Axios HTTP client library. The attacker gained control of a maintainer account and published two malicious versions, 1.14.1 and 0.30.4, introducing a covert dependency without modifying Axios source code directly.

This approach allowed the adversary to preserve the integrity of the primary codebase while inserting a malicious execution path into the dependency chain. When developers or automated systems executed npm install axios, npm resolved and installed the injected dependency, triggering execution through the postinstall lifecycle hook.

The postinstall script employed layered obfuscation techniques including string reversal, Base64 decoding, and XOR encryption using the key OrDeR_7077, complicating both static analysis and signature-based detection. Once decoded, the script initiated environment profiling and established outbound communication with the C2 server. To evade detection, outbound requests were structured to resemble legitimate npm registry traffic by appending platform-specific paths such as packages.npm[.]org/product0, allowing malicious traffic to blend with expected dependency resolution patterns .

Multi-Platform Payload Delivery

The dropper dynamically retrieved second-stage payloads tailored to the victim’s operating system:

  • macOS: Downloads a C++ Mach-O binary, stores it in /Library/Caches/com.apple.act.mond, and executes it via /bin/zsh.
  • Windows: Copies PowerShell to %PROGRAMDATA%\wt.exe, disguising it as Windows Terminal, and executes a secondary script via VBScript with registry-based persistence.
  • Linux: Retrieves a Python-based implant to /tmp/ld.py and executes it in the background using nohup.

Despite language differences, all payloads implement a unified RAT framework with consistent command structure and communication protocol.

RAT Functionality

The malware establishes persistence and begins beaconing to the C2 server every 60 seconds, transmitting Base64-encoded JSON containing system metadata, process information, and environmental context .

Supported command capabilities include:

  • runscript: Execute arbitrary commands or scripts
  • peinject: Drop and execute additional payloads
  • rundir: Enumerate directories and files
  • kill: Self-terminate

This modular design enables rapid transition from initial access to credential harvesting, lateral movement, and secondary payload staging.

Anti-Forensic Measures

The infection chain incorporates aggressive cleanup mechanisms. Within seconds of execution, the dropper deletes the setup script, removes the postinstall hook, and replaces modified package files with benign decoys. This ensures that manual inspection of node_modules will not reveal obvious indicators of compromise, significantly increasing dwell time and reducing detection likelihood. The full compromise sequence, from installation to persistence, can complete in approximately 15 seconds, underscoring the speed and automation of the attack.

Tradecraft and Access Vector

This campaign demonstrates mature supply chain tradecraft and intentional exploitation of trust boundaries within the npm ecosystem.

The attacker avoided direct source code modification and instead:

  • Injected a dependency to trigger execution via lifecycle scripts
  • Published malicious versions using a legacy npm authentication token
  • Bypassed GitHub Actions and OIDC provenance enforcement, eliminating expected audit trails

By publishing directly through npm CLI, the attacker circumvented modern package signing and provenance validation workflows that many organizations rely on to verify package integrity. The use of install-time execution highlights a critical structural weakness in software pipelines, particularly in environments where lifecycle scripts are permitted and dependency versions are not strictly pinned.

Attribution

Google Threat Intelligence Group attributes the activity to UNC1069, a North Korea–aligned threat cluster, citing malware overlap with WAVESHAPER.V2, infrastructure reuse, and operational similarities with prior campaigns. The campaign aligns with established DPRK cyber strategy, which prioritizes supply chain compromise, credential harvesting from developer ecosystems, and monetization through access to financial systems and cryptocurrency platforms.

Analyst Commentary

The scale of Axios usage, with tens of millions of weekly downloads, significantly amplifies potential impact even within a short exposure window. High-risk environments include CI/CD pipelines, developer workstations, cloud build systems, and enterprise applications relying on dynamic dependency resolution.

The primary risk is credential exposure, including API keys, tokens, and environment variables, which may enable downstream compromise of production systems and SaaS platforms. The combination of automated execution, stealthy persistence, and anti-forensic cleanup increases the likelihood of undetected compromise, particularly in environments lacking runtime monitoring.

This incident reflects an evolution in threat activity, where state-aligned actors leverage trusted open-source ecosystems as scalable intrusion vectors and reflects the trajectory previously identified by PolySwarm analysts in our previous threat bulletin entitled Infect Once, Spread Everywhere: CanisterWorm and the Automation of Supply Chain Compromise. Adversaries are increasingly leveraging trust within software ecosystems as an attack surface. This model is scalable, resilient, and aligned with long-term strategic objectives, which can include persistent access within critical infrastructure and defense environments.

IOCs

PolySwarm has multiple samples associated with this activity.

 

92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a

fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf

617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101


Click here to view all related samples in our PolySwarm portal.

Don’t have a PolySwarm account? Go here to sign up for a free Community plan or subscribe.

Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports.

Topics: Threat Bulletin, North Korean threat actors, UNC1069, CI/CD compromise, npm malware, supply chain attacks, Axios npm compromise, WAVESHAPER, DPRK cyber operations, RAT malware

The Hivemind

Written by The Hivemind

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More