惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

2024 Sonatype Blog

Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Evolution of Open Source Malware: From Volume to Trust Abuse The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point When AI Writes Code, Who Governs the Dependencies? Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds Sonatype Discovers Two Malicious npm Packages
Axios Compromise on npm Introduces Hidden Malicious Package
research@sonatype.com (Sonatype Security Research Team) · 2026-03-31 · via 2024 Sonatype Blog

A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used JavaScript libraries in the world.

With initial reporting by researchers at StepSecurity, the incident involved unauthorized publications of the popular HTTP client axios, published to npm and which sees over 300 million weekly downloads.

Between March 30-31, 2026, attackers hijacked an npm publishing account associated with an axios maintainer and released two malicious versions of the package:

  • axios@1.14.1 (published at 00:21 UTC, March 31, 2026)

  • axios@0.30.4 (published at 01:00 UTC, March 31, 2026)

Sonatype tracked both packages as sonatype-2026-001623.

Notably, neither version contained malicious code directly. Instead, both introduced a hidden dependency on a newly published package:

The naming and timing of this package suggest it was intentionally published to resemble a legitimate cryptography library, likely to confuse or deter researchers during our initial analysis.

Sonatype detected and flagged the packages as malicious within minutes, at 01:04 UTC on March 31, 2026. For organizations using Sonatype's automated defenses, this rapid detection meant automatic protection, blocking downloads of the malicious components before they could reach developer environments.

npm has since removed the malicious axios versions and replaced plain-crypto-js with a security-holder stub.

Why Was Axios an Ideal Target?

Axios is one of the most widely used HTTP client libraries in the JavaScript ecosystem. By compromising axios, attackers gained:

  • Immediate access to a massive developer install base.

  • High trust due to axios's reputation and ubiquity.

  • Automatic execution via dependency installation.

Because npm automatically installs and executes life cycle scripts of dependencies, simply installing the affected axios versions triggered the malicious payload. Each time either malicious axios version was installed, npm automatically pulled in plain-crypto-js, ensuring consistent delivery of the payload across environments.

This incident demonstrates how a compromised Axios version can introduce risk without changing the core library itself, relying instead on a malicious dependency.

OpenClaw-related Package Spread

The malicious dependencies were not isolated to axios alone. Sonatype researchers observed the same compromised component appearing in additional npm packages associated with OpenClaw, indicating broader propagation beyond the initial axios compromise.

Affected packages include:

  • @qqbrowser/openclaw-qbot@0.0.130

  • @shadanai/openclaw@2026.3.28-2

  • @shadanai/openclaw@2026.3.28-3

  • @shadanai/openclaw@2026.3.31-1

  • @shadanai/openclaw@2026.3.31-2

This indicates the attacker's technique could propagate beyond a single high-profile package into broader dependencies.

"Attackers have figured out they don't need to compromise the code people trust if they can compromise the trust around it," said Ilkka Turunen, Sonatype Field CTO. "In this case, the malicious capability was introduced through a staged dependency and designed to erase its own tracks, which made the attack harder to spot and slower to understand. That's not just malware — it shows a more deliberate and mature playbook."

How Did the Attack Work?

The attack leveraged a common but highly effective software supply chain technique of introducing a malicious transitive dependency into a trusted package.

The Malicious Payload: plain-crypto-js

The plain-crypto-js@4.2.1 package functioned as a heavily obfuscated, cross-platform loader. Its behavior includes:

  • Executing automatically via npm's postinstall life cycle hook.

  • Using layered decoding routines (base64 + XOR) to dynamically reconstruct hidden strings, including module names, commands, file paths, and a remote endpoint.

  • Fingerprinting the host OS (Windows, MacOS, Linux).

  • Fetching a secondary payload from a command-and-control (C2) server.

  • Writing OS-specific launcher scripts (AppleScript on MacOS, PowerShell/VBS on Windows, Python on Linux) into temporary directories.

  • Executing system-level commands to download and run the retrieved payload in a hidden or background context.

The dropper ultimately delivered a remote access trojan (RAT), enabling attackers to establish backdoor access to compromised systems.

To evade detection and hinder forensic analysis, the package:

  • Executes payloads indirectly through generated scripts, rather than inline commands.

  • Deleted its original malicious artifacts after execution.

  • Removes and renames package metadata files (e.g., replacing package.json) to mask its presence or restore a benign appearance.

  • Obfuscates all meaningful strings and logic using custom transformations to resist static inspection.

The result was a silent compromise of the host system immediately upon installation.

Downstream Risk and Ecosystem-Wide Impact

This attack enabled unauthorized remote access to affected systems. Any environment that installed the malicious packages should be considered potentially compromised.

Because the payload executed during installation:

  • CI/CD pipelines may have been affected.

  • Developer workstations could be backdoored.

  • Secrets and credentials may have been exposed.

"What makes this incident important is how little visible change was needed to create real downstream risk," said Turunen. "When a widely trusted package can be turned into a delivery path like this, the issue is bigger than package hygiene. It's a trust problem in the software supply chain, and it's why organizations need security controls that look at what’s actually being installed, not just what appears safe at first glance."

Recommended Actions

If you suspect exposure, take the following steps immediately:

  • Remove affected packages: Uninstall axios@1.14.1, axios@0.30.4, and plain-crypto-js@4.2.1.

  • Audit your environment: Review dependency trees and lockfiles. Identify any systems that installed these versions.

  • Assume compromise: Rotate credentials and API keys. Rebuild affected systems from a clean state.

  • Verify dependencies: Ensure only trusted, uncompromised versions are in use.

  • Block malicious components: Use repository controls to prevent reintroduction.

A Growing Pattern in Software Supply Chain Attacks

This incident follows a growing trend of attackers targeting:

Rather than inserting obvious malicious code into well-known libraries, attackers increasingly rely on indirect dependency injection, making detection more difficult and increasing blast radius.

As this Axios version incident shows, attackers can introduce significant risk through small, indirect changes that are easy to miss in dependency trees.

Recent incidents, including malicious npm packages and PyPI credential stealers, highlight how quickly these attacks are evolving.

How Sonatype Helps

Incidents like the axios compromise highlight how quickly malicious code can be introduced into even the most widely trusted open source packages.

Protections such as Sonatype Repository Firewall automatically prevent known malicious dependencies from being downloaded, effectively neutralizing attacks like this even when compromised package versions are requested.

In parallel, Sonatype Guide provides developers with real-time intelligence and context on open source packages, helping teams identify and avoid malicious or high-risk dependencies before they enter the software supply chain.

Together, these capabilities help organizations reduce exposure to fast-moving software supply chain attacks and make safer dependency decisions at scale.

Tags