深潮TechFlow
深潮TechFlow|4月 02, 2026 05:13
[Axios Library Hit by Supply Chain Attack, Hackers Exploit Stolen npm Token to Implant Remote Trojan, Impacting Approximately 80% of Cloud Environments] According to Deep Tide TechFlow on April 2, as reported by VentureBeat, attackers stole the npm access token of the lead maintainer of Axios, the most popular JavaScript HTTP client library, and used the token to publish two malicious versions containing cross-platform remote access trojans (RATs) (axios@1.14.1 and axios@0.30.4). The targets included macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry approximately three hours after being uploaded. According to data from security company Wiz, Axios has a weekly download volume exceeding 100 million and is present in approximately 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously implemented modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attackers completely bypassed these defenses. Investigations revealed that while the project had configured OIDC, it still retained the traditional long-lived NPM_TOKEN. Since npm defaults to using the traditional token when both coexist, the attackers were able to publish malicious packages without needing to bypass OIDC.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads