npm

axios

axios is identified in the SafeDep analysis "axios Compromised: npm Supply Chain Attack via Dependency Injection". axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.

discovered 2026-03-31

Threat types

ratpersistence

Malicious versions

1.8.2

Campaigns

No Specific Campaignattributed-to

Indicators

domainsfrclak.comcommunicates-with
ipv4142.11.206.73communicates-with
sha2565bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cdindicates
sha25659336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0findicates
sha256fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cfindicates
sha256e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09indicates
email[email protected]exfiltrates-to
email[email protected]exfiltrates-to
email[email protected]exfiltrates-to
email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1528 Steal Application Access Tokenuses
ttpT1105 Ingress Tool Transferuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1102 Web Serviceuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →