Axios npm Hit by Trojan Supply Chain Attack

💡Top JS lib (100M/wk dl) supply chain hacked—audit your deps & CI/CD now (80% envs hit)
⚡ 30-Second TL;DR
What Changed
Stolen long-lived npm token enabled CLI publish of poisoned axios 1.6.3 and 1.7.1 without touching source code.
Why It Matters
Exposes widespread risk in open-source dependencies used in AI apps, CI/CD, and frontends. Forces reevaluation of token hygiene despite SLSA/OIDC adoption. Likely prompts npm policy changes and tool scans.
What To Do Next
Scan your projects for axios versions 1.6.3/1.7.1 and rotate all long-lived npm tokens immediately.
Key Points
- •Stolen long-lived npm token enabled CLI publish of poisoned axios 1.6.3 and 1.7.1 without touching source code.
- •Malicious dependency plain-crypto-js@4.2.1 runs postinstall script dropping self-erasing RAT on dev machines.
- •Huntress detected infections 89 seconds post-publish; affects 100M+ weekly downloads in 80% of cloud/code envs.
- •Attacker pre-staged clean package and bypassed GitHub CI/CD as npm prioritized token over OIDC.
🧠 Deep Insight
AI-generated analysis for this event.
🔑 Enhanced Key Takeaways
- •The attack utilized a 'dependency confusion' variant where the malicious plain-crypto-js package was registered on the public npm registry to shadow internal or expected naming conventions, tricking the axios build process.
- •Post-incident analysis revealed the attacker leveraged a compromised developer machine's environment variables to extract the long-lived npm token, highlighting the vulnerability of local development environments compared to ephemeral CI/CD tokens.
- •npm's security team has since accelerated the deprecation timeline for long-lived tokens, mandating the use of scoped, short-lived tokens with restricted permissions for all maintainers of packages with over 1 million weekly downloads.
🛠️ Technical Deep Dive
- •The RAT (Remote Access Trojan) utilized a multi-stage payload: the initial postinstall script was a heavily obfuscated JavaScript snippet that performed environment fingerprinting.
- •Upon successful fingerprinting, the script fetched a secondary binary from a compromised CDN, which was executed in memory using a fileless technique to evade disk-based antivirus scanners.
- •The RAT established persistence by modifying shell configuration files (.zshrc, .bashrc) to execute a hidden background process upon terminal initialization, ensuring cross-platform coverage.
- •Communication with the Command and Control (C2) server was performed over encrypted WebSockets, mimicking legitimate traffic patterns to bypass standard network egress filtering.
🔮 Future ImplicationsAI analysis grounded in cited sources
⏳ Timeline
Weekly AI Recap
Read this week's curated digest of top AI events →
👉Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: VentureBeat ↗