Attackers have successfully stolen a long-standing npm access token that belonged to the lead maintainer of axios, the most widely used HTTP client library in JavaScript. This stolen token was then utilized to publish two corrupted versions of axios that install a cross-platform remote access trojan. These malicious releases were designed to target macOS, Windows, and Linux systems and were available on the npm registry for roughly three hours before being removed.
Axios, which receives over 100 million downloads per week, is a crucial component in approximately 80% of cloud and code environments. This includes everything from React front-ends to CI/CD pipelines to serverless functions. Huntress, a security company, detected the initial infections within 89 seconds of the malicious package going live, with at least 135 compromised systems among its customers during the exposure period.
This incident marks the third major npm supply chain compromise in the past seven months, all of which exploited maintainer credentials. Despite having implemented various security measures recommended by the security community, axios fell victim to this attack.
The attacker gained control of the npm account belonging to @jasonsaayman, a lead axios maintainer, by changing the account email to an anonymous ProtonMail address. The attacker then published the corrupted packages through npm’s command-line interface, bypassing the project’s GitHub Actions CI/CD pipeline entirely. The malicious releases did not alter the Axios source code but added a single new dependency, plain-crypto-js@4.2.1, to both release branches. This dependency was solely designed to execute a postinstall script that installs a cross-platform RAT on the developer’s machine.
The attack was meticulously planned, with the attacker first publishing a clean version of plain-crypto-js under a separate npm account to avoid detection. The weaponized 4.2.1 version was then released within 39 minutes, with pre-built payloads for three different platforms. The malware was programmed to erase itself after execution and replace the package.json file to hinder forensic examination.
The security community praised Axios for adopting various security measures, such as shipping legitimate releases through GitHub Actions using npm’s OIDC Trusted Publisher mechanism and carrying SLSA provenance attestations. However, the attacker managed to bypass these defenses by exploiting a legacy token that coexisted alongside OIDC, which npm silently preferred for authentication during publishing.
Despite the security enhancements implemented after previous supply chain compromises, the incident highlights the recurring theme of credential compromise as the primary vulnerability in such attacks. Until the root cause of maintaining individual maintainer accounts as the ultimate trust anchor is addressed, the risk of credential hijacking will persist.
In response to this incident, SOC leaders are advised to conduct impact assessments to identify affected systems, contain the breach, patch vulnerabilities, and implement transparent reporting to prevent future incidents. It is crucial for organizations running Node.js to check for exposure to the compromised package, assume compromise if affected, block command and control servers, check for RAT artifacts on machines, and enforce stricter security measures in their CI/CD pipelines.
As the npm ecosystem continues to evolve, it is essential for maintainers to stay vigilant and implement robust security measures to protect against supply chain attacks. By addressing the root cause of credential vulnerabilities and adopting best practices in authentication and authorization, npm packages can enhance their security posture and mitigate the risk of future compromises.