Edited by humans. Written by AI. How our editing works
All articles

Axios RAT Attack: What Happened and How to Check If You're Hit

A sophisticated remote access trojan infiltrated Axios through a rogue dependency. Here's how the attack worked and what developers need to do now.

Yuki Okonkwo

Written by AI. Yuki Okonkwo

April 1, 20266 min read
Share:
A bearded warrior figure in golden helmet and armor stands beside white and red text reading "AXIOS HACK" with "The Code…

Photo: Fireship / YouTube

Yesterday, the JavaScript ecosystem experienced one of its most sophisticated security breaches to date. Two malicious versions of Axios—a library with over 100 million weekly downloads—were published to npm containing a remote access trojan (RAT). If that sentence made your stomach drop, you're not alone.

What makes this attack particularly unsettling isn't just its scale—it's the precision. This wasn't someone copy-pasting a crypto miner into the source code like it's 2015. The attacker understood how modern JavaScript infrastructure works, then weaponized that knowledge.

How the Attack Actually Worked

Here's the thing that's keeping me up: Axios itself contains exactly zero malicious code. The source code is clean. Your code reviews would have found nothing.

Instead, the attacker added a seemingly innocuous dependency called plain-crypto-js to the malicious Axios releases. This package looks almost identical to the legitimate crypto-js library—the kind of typosquat that your brain automatically corrects when scanning a package.json.

That dependency contained a post-install script. If you're not familiar, post-install scripts run automatically when you npm install a package. They're legitimate features used for building native modules or setting up project configurations. They're also a known attack vector that the community has been worried about for years.

Step Security, who analyzed the attack, described the rat dropper's behavior: the script first detects your operating system, then reaches out to a command-and-control server to fetch a second-stage payload specifically tailored to your OS. Once downloaded, it establishes remote access to your machine.

Then comes the really clever part: it cleans up after itself. The script deletes evidence, removes the post-install script, and sanitizes the package.json. When you run npm audit, everything looks fine. No red flags. No warnings.

"The scariest thing is that Axios itself contains zero lines of bad source code," the analysis notes. "Instead of just hard-coding a crypto miner into the package like a noob, the attacker slipped a rogue dependency into the release."

Check Your System Right Now

If you use Axios, here's what you need to do immediately:

  1. Open your package.json and look for these specific Axios versions: [the video doesn't specify exact versions, but Step Security's writeup would have them]
  2. Check your node_modules folder for a package called plain-crypto-js
  3. Run OS-specific commands to scan for the RAT file itself (Step Security has the exact commands for Mac, Windows, and Linux)

If you find the RAT, here's the uncomfortable truth: deleting it isn't enough. The malware could have already exfiltrated your AWS credentials, API keys, environment variables, and anything else accessible from your development machine or CI/CD server.

Step Security recommends immediately rolling all API keys and tokens. That means everything—not just the ones you think might be exposed. If the RAT had access to your machine, assume it had access to everything on your machine.

The npm Account Compromise

How did malicious packages get published under the Axios name in the first place? The same way most of these attacks start: account compromise.

Normally, Axios releases are published via GitHub Actions—automated deployments that don't require human intervention or stored credentials. But these malicious versions were published manually using an npm access token, traced back to a Proton Mail address.

How the attacker obtained that token remains unclear. Phishing? Credential stuffing? A compromised maintainer machine? The investigation is ongoing, but the attack vector matters less than the architectural question it raises.

The Uncomfortable Questions

This attack exposes tensions in how we build software that we don't talk about enough.

First: Why are we still using Axios? Modern JavaScript runtimes have native fetch support. Axios made sense a decade ago when promises were new and the web platform was behind. But today? We're accepting supply chain risk for... slightly nicer error handling?

I'm not saying everyone should immediately rip out Axios (especially not right now, while you're checking if you're compromised). But the instinct to reach for third-party libraries for things the platform now handles natively—that instinct has costs we're only beginning to calculate.

Second: npm's post-install script problem isn't new. We've known for years that arbitrary code execution during package installation is a massive attack surface. Some have argued for sandboxing these scripts or requiring explicit user consent. Others point out this would break legitimate use cases.

What's frustrating is that npm audit gives developers a false sense of security. It checks for known vulnerabilities in your dependency tree—it doesn't catch novel attacks like this one. When the malicious code removes its own traces, audit tools are checking for ghosts.

Third, and this is the one that really gets me: our supply chain is built on trust at scale that might not be sustainable. The average Node.js project has hundreds of dependencies, each maintained by strangers who could have their accounts compromised at any moment. We've created a system where a single weak password can potentially compromise millions of developers.

What This Means for JavaScript Security

The sophistication here suggests this wasn't some script kiddie. The attacker understood npm's lifecycle hooks, knew how to avoid detection, and built infrastructure (command-and-control servers, OS-specific payloads) that indicates planning and resources.

"If your system is compromised, the rat could already have access to your AWS credentials, your OpenAI API keys, and everything else in your file," the report warns. That's not hyperbole—that's the actual threat model.

What's interesting is what this attack didn't do. No ransomware. No immediate monetization. Just quiet credential theft and remote access. That pattern suggests either a nation-state actor collecting intelligence, or someone building a botnet for later use. Neither option is comforting.

The JavaScript security community has been warning about supply chain attacks for years. We got close calls with event-stream in 2018 and ua-parser-js in 2021. Each time, we collectively said "we should really do something about this" and then... mostly didn't.

Maybe this one will be different. Or maybe we'll patch, update our dependencies, and keep building on the same shaky foundation until the next attack. The architecture that makes JavaScript development fast and convenient is the same architecture that makes attacks like this possible. We can't fix one without confronting the other.

For now: check your systems, roll your keys, and maybe—just maybe—think twice before npm installing that next dependency.

Yuki Okonkwo is Buzzrag's AI & Machine Learning Correspondent

From the BuzzRAG Team

We Watch Tech YouTube So You Don't Have To

Get the week's best tech insights, summarized and delivered to your inbox. No fluff, no spam.

Weekly digestNo spamUnsubscribe anytime

More Like This

Man in green shirt poses against blue digital background with neon "Shop Talk" logo and yellow "Axios Hack Explained" text

When Trusted Tools Betray: The Axios Hack and Trust Debt

The Axios npm breach exposed how fragile our software trust chain is. Two major incidents in 24 hours reveal the real cost of assuming 'it works.'

Samira Barnes·3 months ago·6 min read
Daniel Rosenwasser announces TypeScript 6.0 beta release with an excited expression against a dark background with npm…

TypeScript Is Getting Rewritten in Go. Here's Why That Matters

Microsoft is porting TypeScript to Go for TypeScript 7, promising 10x speed improvements. Here's what developers need to know about versions 6 and 7.

Yuki Okonkwo·5 months ago·6 min read
Confused older man in NFL cap and blue shirt against digital background with "WHY?! still doing this?!" text overlay

The Security Hole We Keep Ignoring: Third-Party Scripts

After 50 years covering tech, I've seen this pattern before: developers linking to code they don't control, creating vulnerabilities that shouldn't exist.

Bob Reynolds·3 months ago·5 min read
Man with glasses holding compact camera while speaking into microphone, with another camera visible in foreground against…

Why This YouTuber Ditched His $1K Camera for Three Cheap Ones

A photographer applies Unix philosophy to cameras and discovers something interesting: specialized tools beat jack-of-all-trades hybrids.

Yuki Okonkwo·5 months ago·6 min read
Man in black shirt gesturing while speaking, with code and data visualizations in background, "think series" logo and…

IBM's 2026 Threat Report: Cybersecurity Got Worse

IBM's latest threat intelligence index reveals alarming trends: 56% of vulnerabilities need zero authentication, ransomware groups up 49%, and AI is changing everything.

Zara Chen·5 months ago·6 min read
Bearded man in green cap with shocked expression surrounded by glowing tech logos (OpenAI, Google, Microsoft) and "EPIC…

AI's Wild Week: From Images to Audio Mastery

Explore the latest AI tools reshaping images, audio, and video editing. From OpenAI to Adobe, discover what these innovations mean for creators.

Yuki Okonkwo·7 months ago·3 min read
Skeptical man with beard next to glowing AI box with arrow pointing to broken red bug icon, with text "AI FIX THIS? STILL…

AI Can Write Code, But Can It Make Software Stop Sucking?

The creator of Windows Task Manager on why AI coding tools amplify your skill level—and why that might not fix bloated, slow software.

Yuki Okonkwo·3 months ago·6 min read
Four men's headshots arranged horizontally with "The War on AI" text at top and names labeled below each person

Opus 4.7 Drops Amid Molotov Cocktails and AI Fear

Anthropic's Opus 4.7 launches as a 20-year-old throws a Molotov cocktail at Sam Altman's house. The AI world is splitting in two—and it's getting violent.

Yuki Okonkwo·3 months ago·6 min read

RAG·vector embedding

2026-04-15
1,456 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.