← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Axios Packages Published to npm in New Supply Chain Compromise
WHITE PetrP.73 2026-04-02 Modified: 2026-04-04
264
IOCs
HIGH VOLUME
A recent supply chain compromise has been identified affecting the widely utilized JavaScript HTTP client axios, wherein malicious versions of the package were published to npm using compromised maintainer credentials. The exploitation involves the deployment of a Remote Access Trojan (RAT) through a fabricated dependency labeled plain-crypto-js@4.2.1. Notably, this dependency is not directly imported by axios, functioning instead as a dropper that executes a postinstall script upon installation.
truesecpost bodytempcicdrotate npmmonitornpm supplychainrisk detectionurlsnetworkremote access
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (58 / 264 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL domain email hostname CIDR CVE
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 21d2470cae072cf2d027d473d168158c MD5 of 2553649f2322049666871cea80a5d0d6adc700ca 2026-04-02
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-02
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-02
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-02
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-02
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-02
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-02
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-02
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-02
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-02
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-02
FileHash-MD5 90e8e227ba8bef0ea7e0212b5b1e0d4c MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c 2026-04-02
FileHash-MD5 9663665850cdd8fe12e30a671e5c4e6f MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf 2026-04-02
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-02
FileHash-MD5 21d2470cae072cf2d027d473d168158c MD5 of 2553649f2322049666871cea80a5d0d6adc700ca 2026-04-02
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-02
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-02
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-02
FileHash-MD5 8c782b59a786f18520673e8d669e3b0a MD5 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff 2026-04-02
FileHash-MD5 90e8e227ba8bef0ea7e0212b5b1e0d4c MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c 2026-04-02
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-02
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-04
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-04
FileHash-MD5 21d2470cae072cf2d027d473d168158c MD5 of 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd 2026-04-04
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-04
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-04
FileHash-MD5 8c782b59a786f18520673e8d669e3b0a MD5 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff 2026-04-04
FileHash-MD5 90e8e227ba8bef0ea7e0212b5b1e0d4c MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c 2026-04-04
FileHash-MD5 9663665850cdd8fe12e30a671e5c4e6f MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf 2026-04-04
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 2026-04-04
FileHash-MD5 e56bafda15a624b60ac967111d227bf8 MD5 of 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f 2026-04-04
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-04
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-04
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-04
FileHash-MD5 9663665850cdd8fe12e30a671e5c4e6f MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf 2026-04-04
FileHash-MD5 db7f4c82c732e8b107492cae419740ab MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-04
FileHash-MD5 e56bafda15a624b60ac967111d227bf8 MD5 of d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 2026-04-04
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 2026-04-04
FileHash-MD5 089e2872016f75a5223b5e02c184dfec 2026-04-04
FileHash-MD5 1b8615b9732833b4dd0a3e82326982fa 2026-04-04
FileHash-MD5 21d2470cae072cf2d027d473d168158c 2026-04-04
FileHash-MD5 2e3a4412a7a487b32c5715167c755d08 2026-04-04
FileHash-MD5 52f3311ceb5495796e9bed22302d79bc 2026-04-04
FileHash-MD5 759e597c3cc23c04cd39301bd93fc79f 2026-04-04
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 2026-04-04
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb 2026-04-04
FileHash-MD5 7cac57b2d328bd814009772dd1eda429 2026-04-04
FileHash-MD5 85ed77a21b88cae721f369fa6b7bbba3 2026-04-04
FileHash-MD5 9663665850cdd8fe12e30a671e5c4e6f 2026-04-04
FileHash-MD5 cde4951bee7e28ac8a29d33d34a41ae5 2026-04-04
FileHash-MD5 db7f4c82c732e8b107492cae419740ab 2026-04-04
FileHash-MD5 e56bafda15a624b60ac967111d227bf8 2026-04-04
FileHash-MD5 f5560871f6002982a6a2cc0b3ee739f7 2026-04-04
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-04
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 2026-04-04
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-04
FileHash-MD5 90e8e227ba8bef0ea7e0212b5b1e0d4c MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c 2026-04-04
FileHash-MD5 9663665850cdd8fe12e30a671e5c4e6f MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf 2026-04-04
References (12)
↗ https://www.truesec.com/hub/blog/malicious-axios-packages-npm-in-supply-chain-compromise ↗ https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan ↗ https://www.derp.ca/research/axios-npm-supply-chain-rat/ ↗ https://socket.dev/blog/axios-npm-package-compromised ↗ https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/ ↗ https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust ↗ https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections ↗ https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/ ↗ https://blog.nviso.eu/2026/04/03/the-axios-npm-supply-chain-incident-fake-dependency-real-backdoor/ ↗ https://hunt.io/blog/axios-supply-chain-attack-ta444-bluenoroff ↗ https://www.zscaler.com/blogs/security-research/supply-chain-attacks-surge-march-2026 ↗ https://blog.talosintelligence.com/axois-npm-supply-chain-incident/