Cybersecurity

The Axios npm supply chain incident: fake dependency, real backdoor

56 sec read16 views0 listens

NVISO Blog Post: Axios NPM Package Compromised in Supply Chain Attack

Published on February 28, 2025

Overview

The popular JavaScript library Axios was compromised by a threat actor who uploaded malicious versions of the package to the npm registry. This supply chain attack has led to the deployment of remote access trojans (RATs) in affected environments.

Incident Details

Timeline:

February 20, 2025: Initial detection and reporting by security researchers.
February 21, 2025: Malicious versions identified and removed from npm registry.
February 23, 2025: Full analysis completed, including identification of C2 infrastructure.

Threat Actor: The attack is attributed to a North Korean threat actor group known for targeting software supply chains. The malicious packages were uploaded under the guise of legitimate updates but contained backdoor code that allowed remote control over infected systems.

Impact

Compromised Packages: Malicious versions of Axios (0.30.4 and 1.14.1) were pushed to npm.
**C2 Infrastructure

Read the full article at NVISO Labs

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack

The popular disk image mounting software DAEMON Tools was compromised, with malicious payloads delivered through official installers from April 8 to May 2026. This sophisticated supply chain attack highlights the increasing risk of threat actors weap...

Ali Nemati

CybersecurityApr 1528 sec read

Your Supply Chain Breach Is Someone Else's Payday

TeamPCP exploited a single stolen credential to inject malware into trusted software repositories, cascading across five ecosystems within days. This highlights the critical risk that compromised credentials pose not just for security tools but also ...

Ali Nemati

CybersecurityMar 622 sec read

Symantec reports Iranian Seedworm hackers infiltrate US infrastructure and defense supply chain networks

Symantec reported that the Iranian cyber threat group Seedworm has infiltrated U.S. infrastructure and defense supply chains, raising concerns about escalating regional tensions. Content creators should be aware of increased cybersecurity risks and a...

Ali Nemati

Cybersecurity5 days ago26 sec read

GitHub says internal repositories were taken in poisoned VS Code extension attack

GitHub confirmed that internal repositories were compromised after an employee's device was infected by a malicious Visual Studio Code extension, highlighting the increasing risks to software development platforms and third-party tools. This incident...

Ali Nemati

Cybersecurity5 days ago22 sec read

GitHub Hacked - Internal Source Code Repositories Compromised via Employee Device

GitHub confirmed a security breach involving unauthorized access to internal repositories through a compromised Visual Studio Code extension used by an employee. This incident highlights the increasing threat of supply chain attacks targeting develop...

Ali Nemati

The Axios npm supply chain incident: fake dependency, real backdoor

NVISO Blog Post: Axios NPM Package Compromised in Supply Chain Attack

Overview

Incident Details

Impact

Related Articles

DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack

Your Supply Chain Breach Is Someone Else's Payday

Symantec reports Iranian Seedworm hackers infiltrate US infrastructure and defense supply chain networks

GitHub says internal repositories were taken in poisoned VS Code extension attack

GitHub Hacked - Internal Source Code Repositories Compromised via Employee Device