Axios Hack: How 3 Hours of Account Compromise Affected 174K Packages
On March 30, 2026, an attacker who gained access to an Axios maintainer's account released malicious versions of the library, affecting around 174,000 dependent packages. The attack, which lasted just three hours, was made possible by blind spots in dependency management processes and security tools. Let's break down how it happened and how to protect yourself.
Attack Mechanics: From Account Compromise to RAT
The incident began with a change to the email on the jasonsaayman account (lead Axios maintainer) to [email protected] and a switch from a trusted OIDC pipeline to direct CLI-publish. These changes were automatically detected by Elastic Security Labs through supply chain monitoring. The malicious versions Axios 1.14.1 (latest tag) and 0.30.4 (legacy tag) contained a suspicious dependency plain-crypto-js.
The attacker used a two-stage scheme:
- [email protected] — a legit version published earlier to create a history
- [email protected] — a malicious version with a postinstall hook that loads a RAT from the server sfrclak[.]com:8000
A key feature of the attack was the lack of modification to the Axios source code. Instead, the attacker added the malicious package to the list of dependencies. The RAT was cross-platform, providing full remote access to macOS, Windows, and Linux after establishing a connection to the C2 server.
Why Standard Security Tools Failed
Most CI/CD pipelines failed to detect the threat for several reasons. NPM Audit, which compares packages against the CVE database, returned a clean status because the new versions hadn't yet made it into known vulnerabilities. The tool is fundamentally not designed to detect fresh attacks via account compromise — it only works with known CVEs.
A critical mistake in many teams' processes is the lack of pinned dependency versions. When using ^1.x.x, the pipeline automatically resolves to latest, which led to pulling the malicious version during the 3-hour window. According to the OpenSSF Scorecard 2024, fewer than 20% of projects use pinned dependency hashes. Transitive dependencies (packages needed only at build time) remain outside the scope of checks, despite their potential threat.
New Supply Chain Security Rules
The Axios incident exposed a systemic gap in the traditional security model. Previously, responsibility was divided among team leads (module selection), DevOps (delivery), and security teams (SAST/DAST). But no one was responsible for monitoring the integrity of maintainer accounts. Trust in signed packages was tied to a specific account, which could be compromised.
The scale of the vulnerability is explained by Axios's dominance in the ecosystem: 100 million weekly downloads and 174,000 dependent packages. A typical Node.js project has 40–60 direct dependencies, each pulling in 5–7 transitive ones. That's over 200 packages with separate account owners, whose security is often ignored.
Role of AI in Threat Escalation
Modern attacks feature state sponsorship and AI usage. In this case, attribution points to a North Korean threat actor (Google Cloud Threat Intelligence). Neural networks accelerate vulnerability hunting in open source: what used to take hours now takes minutes.
According to Google Project Zero (2023), the median time from vulnerability discovery to patch is 25 days. AI shortens the time attackers spend searching for vulnerabilities faster than security teams can grow. The number of undetected vulnerabilities in open source runs into the millions, creating a vast field for exploitation.
Effective Protection Measures
The attack was stopped not by standard security but by behavioral monitoring from Elastic Security Labs. To prevent similar incidents, implement the following in your CI/CD:
- Pinned Versions — use
npm install --frozen-lockfileand commit package-lock.json - Signature Checks —
npm audit signaturesto validate SLSA provenance - SAST on Dependencies — static analysis of installed packages
- Automatic Alerts — Dependabot for tracking CVEs
- Meta-Monitoring — analysis of email changes, publish methods, and dependency history
Large companies are already adopting these practices in DevSecOps. Small projects, which make up the bulk of affected packages, often ignore them due to complexity and lack of resources.
Key Takeaways
- Signatures Matter — Checking cryptographic signatures (
npm audit signatures) will immediately detect a switch in publish method from OIDC to CLI. - Transitive Dependencies Are a Threat — Packages that don't make it to production can still execute malicious code during the build stage.
- Behavioral Analysis Beats CVE Checks — Monitoring metadata (email, publish history) is more important than vulnerability databases for fresh attacks.
- Version Pinning Is Critical — Dropping ^1.x.x prevents automatic pulls of malicious latest versions.
The Axios incident marked a turning point: the security perimeter now includes third-party code and maintainer accounts. Those who don't adapt their processes will remain vulnerable to targeted supply chain attacks. Response times have shrunk to hours — protection must be automatic and cover all stages.
— Editorial Team
No comments yet.