Technical Advisory: Axios NPM Supply Chain Attack - Cross-Platform RAT Deployed Via Compromised Maintainer Account
Bitdefender, Tuesday, March 31st, 2026
Attackers compromised the npm account of the primary axios maintainer and published two malicious versions that silently install a cross-platform remote access trojan.
Axios itself is not vulnerable; the attack used account takeover to inject a poisoned dependency. Malicious versions have been removed from the registry, but any environment that ran npm install during the exposure window may have an active RAT or compromised credentials.