The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on April 21, 2026, detailing a critical supply chain compromise of the Axios npm package. Axios, a ubiquitous JavaScript HTTP client library with over 100 million weekly downloads, was weaponized to deliver a cross-platform Remote Access Trojan (RAT) to developer and production environments. The agency urged organizations to immediately audit their systems for the specific compromised versions that were published to the registry in late March.
The compromise involved the unauthorized publication of two backdoored versions: axios@1.14.1 and axios@0.30.4. According to technical reports from CISA and Microsoft Threat Intelligence, an attacker gained control of a lead maintainer's npm account and used it to add a phantom dependency, plain-crypto-js@4.2.1, to the package. Nothing in the Axios runtime code ever imported this dependency; its payload ran from a postinstall lifecycle script, which the package manager executes automatically during installation (npm and Yarn run dependency install scripts by default, while pnpm 10 blocks them unless the package is explicitly allow-listed). Because the change to Axios itself amounted to a new entry in its dependency list, with the malicious code living in a separate package, the mechanism slipped past code review processes that inspect only direct source code changes.
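As an added example (not code from the advisory or from the Axios project), the following Node.js script applies the heuristic that would have surfaced this change: any declared runtime dependency that carries an install-phase lifecycle script but is never imported by the project's own source deserves a manual look. The project manifest, the installed package manifests, the source snippets and the `node setup.js` postinstall command are all constructed fixtures; the real payload command is not reproduced here.

```javascript
// Heuristic: flag declared dependencies that (a) have an install-phase
// lifecycle script and (b) are never imported by the project's own source.
// All inputs below are constructed fixtures, not real manifests.

// Hooks npm runs for a dependency fetched from the registry, in order.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed project manifest (stand-in for an Axios-like package.json).
const PROJECT_PACKAGE_JSON = {
  name: "example-http-client",
  dependencies: {
    "follow-redirects": "^1.15.6",
    "form-data": "^4.0.0",
    "proxy-from-env": "^1.1.0",
    "plain-crypto-js": "4.2.1", // the phantom entry added by the attacker
  },
};

// Constructed contents of node_modules/<name>/package.json after install.
// The postinstall command is a placeholder, not the real payload.
const INSTALLED_MANIFESTS = {
  "follow-redirects": { version: "1.15.6" },
  "form-data": { version: "4.0.0", scripts: { test: "mocha" } },
  "proxy-from-env": { version: "1.1.0" },
  "plain-crypto-js": { version: "4.2.1", scripts: { postinstall: "node setup.js" } },
};

// Constructed source files of the project (path -> contents).
const SOURCE_FILES = {
  "lib/adapters/http.js":
    "const followRedirects = require('follow-redirects');\nconst FormData = require('form-data');\n",
  "lib/helpers/proxy.js": "import proxyFromEnv from 'proxy-from-env';\n",
};

// Install-phase scripts a manifest declares, in the order npm runs them.
function installScripts(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// True if any source file references the package via require(), a static
// import, a dynamic import() or a re-export, including sub-path imports (name/sub).
function isImported(name, sourceFiles) {
  const n = escapeRegExp(name);
  const pattern = new RegExp(
    `(?:require\\s*\\(|import\\s*\\(|from\\s+|import\\s+)\\s*['"]${n}(?:['"]|/)`
  );
  return Object.values(sourceFiles).some((src) => pattern.test(src));
}

// Only runtime dependencies are checked: devDependencies (bundlers, native
// addons) legitimately carry install scripts and are rarely imported, so
// including them produces noise rather than signal.
function findPhantomInstallScripts(projectPkg, installed, sourceFiles) {
  const declared = { ...projectPkg.dependencies, ...projectPkg.optionalDependencies };
  const findings = [];
  for (const [name, range] of Object.entries(declared)) {
    const manifest = installed[name];
    if (!manifest) continue; // not installed, so nothing ran
    const hooks = installScripts(manifest);
    if (hooks.length === 0 || isImported(name, sourceFiles)) continue;
    findings.push({ name, version: manifest.version, range, hooks });
  }
  return findings;
}

const findings = findPhantomInstallScripts(PROJECT_PACKAGE_JSON, INSTALLED_MANIFESTS, SOURCE_FILES);
for (const f of findings) {
  console.log(`REVIEW ${f.name}@${f.version} (declared ${f.range}): runs ${f.hooks.join(", ")} but is never imported`);
}
```

Against the fixtures this reports only plain-crypto-js@4.2.1. The import regex is intentionally simple (it will miss dynamically constructed module names), so treat an empty result as "nothing obvious" rather than a clean bill of health.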
Forensic analysis has attributed the campaign to the North Korean state-sponsored threat group Sapphire Sleet, also known as NICKEL GLADSTONE or UNC1069. The RAT deployed by the malicious dependency is a multi-stage implant with separate builds for Windows, macOS, and Linux: on Windows it uses PowerShell scripts, on macOS AppleScript and C++, and on Linux Python. Its primary objective is harvesting high-value developer credentials, including GitHub Personal Access Tokens, AWS and Azure cloud keys, and SSH keys.
Although the malicious packages were live on the npm registry for only approximately three hours on March 31, 2026, telemetry suggests between 450,000 and 600,000 installations may have occurred. The impact was amplified by automated continuous integration and continuous delivery (CI/CD) pipelines and developer workstations that resolve floating ranges such as ^1.14.0 to the newest matching patch release at install time: any install that ran during the window without a committed lockfile, or that refreshed its lockfile, pulled the compromised build. CISA noted that the malware includes anti-forensic capabilities, such as self-deletion and the restoration of original package metadata, to evade detection by endpoint security tools.
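The floating-range mechanism behind that amplification, as an added illustration rather than anything from the advisory: a minimal resolver for the exact, caret and tilde forms of npm's range syntax, run against constructed version lists in which only 1.14.0, 1.14.1, 0.30.3 and 0.30.4 are taken from the alert (the other entries are filler). It shows that the common `^` and `~` ranges select the malicious build the moment it exists, while an exact pin does not.

```javascript
// Minimal resolver for three npm range forms: exact "1.14.0", caret "^1.14.0",
// tilde "~1.14.0". Prerelease tags, operator ranges (>=, ||, x) and build
// metadata are deliberately not handled; use the semver package for those.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version syntax: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

function satisfies(version, range) {
  const op = range[0] === "^" || range[0] === "~" ? range[0] : "";
  const baseStr = op ? range.slice(1) : range;
  if (!op) return compareVersions(version, baseStr) === 0;  // exact pin
  if (compareVersions(version, baseStr) < 0) return false;  // below the lower bound
  const v = parseVersion(version);
  const base = parseVersion(baseStr);
  if (op === "~") return v[0] === base[0] && v[1] === base[1]; // ~: only patch may move
  // ^: everything left of the first non-zero component stays fixed
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// Highest published version satisfying the range, or null. This is what
// `npm install` picks when no lockfile pins the dependency.
function resolve(range, published) {
  const ok = published.filter((v) => satisfies(v, range)).sort(compareVersions);
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed registry snapshots during the three-hour window. Only
// 1.14.0/1.14.1 and 0.30.3/0.30.4 come from the alert; the rest is filler.
const AXIOS_1X = ["1.13.0", "1.14.0", "1.14.1"];
const AXIOS_0X = ["0.30.2", "0.30.3", "0.30.4"];
const COMPROMISED = new Set(["1.14.1", "0.30.4"]);

// For each way a project might declare axios, what would an unpinned
// install have fetched during the window?
function exposure(ranges, published) {
  return ranges.map((range) => {
    const picked = resolve(range, published);
    return { range, picked, compromised: COMPROMISED.has(picked) };
  });
}

const rows = [
  ...exposure(["^1.14.0", "~1.14.0", "^1.13.0", "1.14.0"], AXIOS_1X),
  ...exposure(["^0.30.3", "~0.30.3", "0.30.3"], AXIOS_0X),
];
for (const row of rows) {
  console.log(`${row.range.padEnd(8)} -> ${row.picked}${row.compromised ? "  (compromised)" : ""}`);
}
```

Two consequences follow from the resolver. A committed lockfile installed with `npm ci` freezes the choice, but `npm install` without a lockfile, `npm update`, or a dependency bot that refreshes the lockfile reopens it. And a library's own lockfile is not published with it, so every downstream project that declared `axios: ^1.14.0` resolved the range independently during the window.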
CISA's remediation guidance directs organizations to immediately pin to the verified versions axios@1.14.0 or axios@0.30.3, the releases immediately preceding the compromised ones. The agency also recommends rotating every secret and credential that may have been present on systems where the compromised versions were installed; given the RAT's targets, that means GitHub Personal Access Tokens, AWS and Azure keys, and SSH keys on CI runners as well as developer workstations. Network administrators are advised to block all outbound traffic to the identified command-and-control domain, sfrclak[.]com, and to review connection logs for the window for any host that already reached it. To prevent future incidents, CISA suggests npm configuration hardening: setting ignore-scripts to true, with the caveat that packages that genuinely need an install-time build step must then be built explicitly, and requiring a minimum release age for new dependencies so that a freshly published version cannot reach a build before it has been scrutinized.
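To make the audit and hardening steps concrete, here is an added Node.js example (not CISA's tooling and not part of the Axios project) that scans a package-lock.json for the versions named in the alert and for any package npm recorded as carrying an install script, then checks a .npmrc for the two hardening settings. The lockfile and .npmrc contents are constructed fixtures; in practice they would be read from disk with fs.readFileSync. The key name min-release-age is an assumption about the npm option (check `npm config ls -l` on your npm version; pnpm's equivalent is minimumReleaseAge, and npm's long-standing `before` option achieves a similar date cutoff).

```javascript
// Audit helpers for the two CISA actions that touch files in the repo:
// find the compromised versions in package-lock.json and verify .npmrc hardening.
// All fixtures are constructed; read real files with fs.readFileSync in practice.

// Versions named in the alert, keyed by package name.
const COMPROMISED = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageNameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

// Yields {name, version, path, hasInstallScript} for every installed package,
// handling lockfileVersion 2/3 (flat "packages" map) and the nested v1 tree.
function* lockfileEntries(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      yield { name: meta.name || packageNameFromPath(path), version: meta.version,
              path, hasInstallScript: meta.hasInstallScript === true };
    }
    return;
  }
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path, hasInstallScript: false }; // v1 has no such flag
      yield* walk(meta.dependencies, `${path}/`);
    }
  }
  yield* walk(lock.dependencies, "");
}

function scanLockfile(lock) {
  const compromised = [];
  const installScripts = [];
  for (const e of lockfileEntries(lock)) {
    const bad = COMPROMISED[e.name];
    if (bad && bad.has(e.version)) compromised.push(e);
    if (e.hasInstallScript) installScripts.push(e);
  }
  return { compromised, installScripts };
}

// .npmrc is ini-style: key=value, comment lines start with # or ;.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line[0] === "#" || line[0] === ";") continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

function npmrcGaps(text) {
  const cfg = parseNpmrc(text);
  const gaps = [];
  if (cfg["ignore-scripts"] !== "true") gaps.push("ignore-scripts is not true: install lifecycle scripts will run");
  // Assumed option name for the release-age setting; verify against your npm version.
  if (!("min-release-age" in cfg)) gaps.push("no minimum release age configured");
  return gaps;
}

// Constructed package-lock.json (lockfileVersion 3) of a project that
// installed during the window. hasInstallScript is a field npm itself writes.
const LOCKFILE = {
  name: "example-app", lockfileVersion: 3, requires: true,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1",
      dependencies: { "follow-redirects": "^1.15.6", "plain-crypto-js": "4.2.1" } },
    "node_modules/follow-redirects": { version: "1.15.6" },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
  },
};

const WEAK_NPMRC = "registry=https://registry.npmjs.org/\n";
const HARDENED_NPMRC = "registry=https://registry.npmjs.org/\nignore-scripts=true\nmin-release-age=7\n";

const result = scanLockfile(LOCKFILE);
for (const e of result.compromised) console.log(`COMPROMISED ${e.name}@${e.version} at ${e.path}`);
for (const e of result.installScripts) console.log(`install script recorded: ${e.name}@${e.version}`);
console.log("npmrc gaps:", npmrcGaps(WEAK_NPMRC));
```

A lockfile match means the version was resolved, not necessarily that the install script ran on this host, so pair the scan with endpoint and egress evidence before closing a finding; conversely, a clean lockfile on a machine that ran `npm install` during the window proves nothing if the lockfile was regenerated afterwards, which is why the guidance rotates credentials on every host that installed in the window rather than only where the artifact is still visible.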