惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tenable Blog
C
Cybersecurity and Infrastructure Security Agency CISA
GbyAI
GbyAI
Microsoft Security Blog
Microsoft Security Blog
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Security Latest
Security Latest
L
LINUX DO - 热门话题
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
Stack Overflow Blog
Stack Overflow Blog
Vercel News
Vercel News
S
Securelist
I
Intezer
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
T
The Exploit Database - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Hacker News
The Hacker News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
U
Unit 42
The Register - Security
The Register - Security
NISL@THU
NISL@THU
S
Schneier on Security
M
MIT News - Artificial intelligence
The Last Watchdog
The Last Watchdog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
Know Your Adversary
Know Your Adversary
罗磊的独立博客
MongoDB | Blog
MongoDB | Blog
美团技术团队
W
WeLiveSecurity
P
Privacy International News Feed
Forbes - Security
Forbes - Security
H
Hacker News: Front Page
小众软件
小众软件
博客园 - 【当耐特】
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
T
Tor Project blog

Security Research | Blog

ClaudeFix: Shared Claude Chats Meet ClickFix | Zscaler Why Do F1 Teams Need Cybersecurity, and What Is AI’s Role? Indirect Prompt Injection Targets AI Agents | ThreatLabz Splunk Enterprise RCE (CVE-2026-20253) | ThreatLabz Edgecution: Malicious Edge Extension Backdoor | ThreatLabz SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz What the ThreatLabz 2026 Phishing and Initial Access Report Means for the Public Sector | Zscaler Shai-Hulud: Miasma, Hades, & AI Scanner Evasion | ThreatLabz Zscaler ThreatLabz 2026 Phishing and Initial Access Report Technical Analysis of MLTBackdoor | ThreatLabz When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing | Zscaler OpenClaw Skill Distributes Remcos & GhostLoader | ThreatLabz Tropic Trooper: AdaptixC2 + Custom Beacon | ThreatLabz Do not delete blog (testing) | Zscaler Payouts King Takes Aim at the Ransomware Throne | ThreatLabz The Alibaba Incident and Why Zero Trust Matters More Than Ever In-Memory Loader Drops ScreenConnect | ThreatLabz Claude Code Leak: Critical AI Security Threat 2026 Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz CVE-2026-20131: Analysis of FMC RCE | ThreatLabz Technical Analysis of SnappyClient | ThreatLabz China-nexus Group Targets Arabian Gulf Region | ThreatLabz Middle East Conflict Fuels Cyber Attacks | ThreatLabz Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz APT37 Adds New Tools For Air-Gapped Networks | ThreatLabz GuLoader Malware Obfuscation Techniques Analyzed GuLoader Obfuscation Analysis | ThreatLabz Technical Analysis of Marco Stealer | ThreatLabz Latest Public Sector AI Adoption Trends: What Government, Healthcare, and Education Security Teams Need to Know | Zscaler Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz 7 Predictions for 2026 | Zscaler SHEETCREEP, FIREPOWER, and MAILCREEP Analysis | ThreatLabz AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report | Zscaler GOGITTER, GITSHELLPAD, and GOSHELL Analysis | ThreatLabz Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek | Zscaler BlindEagle Deploys Caminho and DCRAT | ThreatLabz Technical Analysis of the BlackForce Phishing Kit | ThreatLabz React2Shell RCE Vulnerability (CVE-2025-55182) | ThreatLabz Shai-Hulud V2 Poses Risk to NPM Supply Chain | ThreatLabz Technical Analysis of Matanbuchus 3.0 | ThreatLabz In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz Mobile, IoT, and OT Risks Converge in the Public Sector | Zscaler Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report | Zscaler Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058) | Zscaler F5 Security Incident Advisory | Zscaler Under the Radar: How Non-Web Protocols Are Redefining the Attack Surface | Zscaler SEO Poisoning Targets Ivanti VPN: Credential Theft Alert Cisco Firewall and VPN Zero Day Attacks | ThreatLabz COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz YiBackdoor: Linked to IcedID and Latrodectus | ThreatLabz Technical Analysis of Zloader Updates | ThreatLabz Mitigating Risks from the Shai-Hulud NPM Worm | ThreatLabz Malicious PyPI Packages Deliver SilentSync RAT | ThreatLabz Technical Analysis of SmokeLoader Version 2025 | ThreatLabz Technical Analysis of kkRAT | ThreatLabz APT37: Rust Backdoor & Python Loader | ThreatLabz Anatsa’s Latest Updates | ThreatLabz Termncolor and Colorinal Explained | ThreatLabz GenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabz Tracking Updates to Raspberry Robin | ThreatLabz Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report | Zscaler China-nexus APT Targets the Tibetan Community | ThreatLabz CVE-2025-53770 | ThreatLabz Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz
Supply Chain Attacks Surge in March 2026 | ThreatLabz
ThreatLabz · 2026-04-03 · via Security Research | Blog

Axios NPM Package Compromised to Distribute Cross-Platform RAT

Summary

On March 30, 2026, security researchers discovered that the widely-used NPM package Axios was compromised through an account takeover attack targeting a lead maintainer. Threat actors bypassed the project's GitHub Actions CI/CD pipeline by compromising the maintainer's NPM account and changing its associated email. The threat actor manually published two malicious versions via NPM CLI.

These poisoned releases inject a hidden dependency called [email protected], which executes a postinstall script functioning as a cross-platform Remote Access Trojan (RAT) dropper targeting macOS, Windows, and Linux systems.

During execution, the malware contacts command-and-control (C2) infrastructure at sfrclak[.]com to deliver platform-specific payloads, then deletes itself and replaces its package.json with a clean version to evade detection.

Recommendations

  • Review package.json, package-lock.json, and yarn.lock files for [email protected], [email protected], or [email protected]. Remove any compromised packages, clear caches, and reinstall clean ones.
  • Downgrade to [email protected] (for 1.x users) or [email protected] (for 0.x users) and update lockfiles.
  • Search for connections to sfrclak[.]com or 142.11.206[.]73 from developer workstations and CI/CD systems.
  • Use private registry proxies and Software Composition Analysis (SCA) tools to filter and monitor third-party packages.
  • Restrict open-source package consumption on corporate devices and CI systems to enterprise-open source package managers. Use Zscaler Internet Access controls to block access to internet package managers from corporate devices. Use native controls and Zscaler Private App Connectors to block access to internet package managers from CI systems.
  • Apply lockfiles strictly (e.g., package-lock.json, pnpm-lock.yaml) and use npm ci instead of npm install.
  • Reduce dependency surface by auditing and removing unused packages.
  • Apply least privilege principles using scoped, short-lived keys and tokens.
  • Revoke NPM tokens, GitHub PATs, cloud keys, and CI/CD secrets.
  • Enable phishing-resistant multifactor authentication (MFA) on NPM, GitHub, and cloud platforms.
  • Flag abnormal NPM publishes, unexpected GitHub workflow additions, or secret scanner usage in CI.
  • Treat impacted systems as compromised by isolating, scanning, or reimaging them.
  • Update response playbooks for supply chain attacks and run practice drills.
  • Restrict build environments to internal package managers or trusted mirrors, and limit internet access to reduce exfiltration risk.
  • Reinforce the secure handling of tokens and secrets, and train teams on phishing awareness and supply chain security best practices.
  • Enforce a release cooldown period to ensure users can’t check out newly released packages, stopping emerging supply chain attacks.

Affected packages and versions

The following packages are impacted by this compromise.

Package 

Version

Axios

1.14.1

Axios

0.30.4

Table 1: Axios package versions impacted by the compromise.

How it works

All NPM packages include a package.json file that declares dependencies. In the compromised version of Axios, the threat actor added a dependency for a malicious package called plain-crypto-js, which included a postinstall script that ran a setup.js script via node.

When developers or CI pipelines run npm install [email protected], NPM resolves the dependency tree, downloads [email protected], and runs the postinstall script. Running node setup.js triggers the compromise sequence.

Attack chain

The figure below shows the attack chain.

Attack chain for the compromised Axios package.

Figure 1: Attack chain for the compromised Axios package.