
2026-05-11 01:40:43

North Korea-Linked Hackers Hijack Axios JavaScript Library in Sophisticated Supply Chain Attack

North Korean hackers compromised the popular Axios NPM package, deploying WAVESHAPER.V2 backdoor. Urgent developer action required.

Urgent: Global Developers at Risk After Axios NPM Package Compromised

Google Threat Intelligence Group (GTIG) has confirmed an active software supply chain attack targeting the widely used NPM package axios, a JavaScript library with over 100 million weekly downloads. Between March 31, 2026, 00:21 and 03:20 UTC, attackers inserted a malicious dependency named plain-crypto-js into versions 1.14.1 and 0.30.4 of the axios package. This dependency deploys the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux systems.

North Korea-Linked Hackers Hijack Axios JavaScript Library in Sophisticated Supply Chain Attack
Source: www.mandiant.com

“This is a high-severity incident affecting the backbone of modern web development,” said a senior threat researcher at GTIG, speaking on condition of anonymity. “Any developer who installed or updated axios during that window may have inadvertently introduced a backdoor into their environment.”

Attack Details: Account Takeover and Silent Execution

The axios maintainer account was compromised, with the associated email changed to ifstap@proton.me. The attacker then published the malicious dependency, which used a postinstall hook in its package.json to silently execute an obfuscated dropper named setup.js. The hook automatically triggered node setup.js upon package installation, without user interaction.

“The use of a postinstall hook is a classic supply chain technique,” explained a GTIG malware analyst. “It exploits the trust developers place in popular packages.” The dropper, internally tracked as SILKBELL, dynamically checks the operating system and downloads platform-specific payloads from a command-and-control (C2) server.

Attribution: UNC1069 and the WAVESHAPER Backdoor

GTIG attributes this attack to UNC1069, a financially motivated threat actor with ties to North Korea, active since at least 2018. The use of an updated version of the WAVESHAPER backdoor, combined with overlapping infrastructure artifacts, confirms the link. “UNC1069 has consistently targeted development tools and dependencies,” noted a cybersecurity analyst specializing in North Korean cyber operations. “This attack aligns with their modus operandi.”

Background: The Popularity of Axios and Previous UNC1069 Activity

Axios is the most popular JavaScript library for making HTTP requests from Node.js and browsers. It is used by millions of developers worldwide, often in production environments handling sensitive data. Versions 1.14.1 and 0.30.4 each receive over 83 million weekly downloads, amplifying the potential damage of this breach.

UNC1069 has previously targeted cryptocurrency exchanges, software supply chains, and financial institutions. Their earlier campaigns deployed earlier versions of WAVESHAPER, a modular backdoor capable of data theft, credential harvesting, and remote control. This incident marks the first known use of WAVESHAPER.V2, which includes improved obfuscation and multi-platform support.

Malware Analysis: How the Dropper Works

The dropper setup.js (SHA256: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09) uses custom XOR and Base64 encoding to hide the C2 URL and OS-specific commands. It dynamically loads the fs, os, and execSync modules to evade static detection. After delivering the payload, it attempts to delete itself and revert changes to package.json to erase forensic traces.

  • Windows: Drops a PowerShell script that installs the WAVESHAPER.V2 backdoor as a scheduled task.
  • macOS/Linux: Executes a shell script that persists the backdoor via cron jobs or init scripts.

“The self-cleaning mechanism is particularly concerning,” said a malware reverse engineer from a partner security firm. “It severely reduces the window for internal detection.”

What This Means: Urgent Action Required for Developers and Organizations

Any developer or organization that downloaded or updated axios during the attack window must immediately audit their systems for the presence of plain-crypto-js or the WAVESHAPER.V2 backdoor. GTIG has released indicators of compromise (IoCs) including the malicious dependency name, file hashes, and C2 domains.

“This attack demonstrates that no open-source package, no matter how trusted, is immune,” warned a supply chain security expert. “Organizations should adopt automated dependency verification and runtime monitoring to detect such anomalies.” Developers are urged to roll back to clean versions of axios (1.14.0 or 0.30.3) and revoke any credentials that may have been exposed.

The broader implication is a renewed call for stronger NPM account security, including multi-factor authentication and package integrity checks. “This is a wake-up call for the entire JavaScript ecosystem,” added the GTIG researcher. “Defenders must shift left and treat every dependency as a potential threat vector.”

Indicators of Compromise (IoCs)

  1. Malicious package: plain-crypto-js version 4.2.1
  2. Dropper hash: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09
  3. Attacker email: ifstap@proton.me
  4. Affected axios versions: 1.14.1, 0.30.4

GTIG continues to monitor the threat and will update this post as new information emerges.