← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Axios Package Hijacked to Execute Remote Access Attacks
WHITE CODERED_VTA 2026-03-31 Modified: 2026-03-31
25
IOCs
MEDIUM VOLUME
A popular HTTP client library, axios, has been compromised by an attacker who published two malicious versions of the library on the npm platform.. and then published them on its own GitHub Actions.
windowsgithub actionslinuxc2 urlhardenrunnerstepsecuritycicdpost bodyvbscriptc2 postmaliciouspowershellverifymacoscopywriteinstalllinux pythonkicspython
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Linux Python KICS Python
Indicators of Compromise (10 / 25 total)
All FileHash-SHA1 IPv4 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://Linuxpackages.npm.org/product2 2026-03-31
URL http://Windowspackages.npm.org/product1 2026-03-31
URL http://macOSpackages.npm.org/product0 2026-03-31
URL http://packages.npm.org/ 2026-03-31
URL http://packages.npm.org/product0 2026-03-31
URL http://packages.npm.org/product1 2026-03-31
URL http://packages.npm.org/product2 2026-03-31
URL http://sfrclak.com:8000 2026-03-31
URL http://sfrclak.com:8000/ 2026-03-31
URL http://sfrclak.com:8000/6202033 2026-03-31
References (1)
↗ https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan