North Korea-Linked Hackers Poison Axios NPM Package in Ongoing Supply Chain Attack

Google Threat Intelligence Group (GTIG) has uncovered an active software supply chain attack targeting Axios, one of the most widely used JavaScript HTTP client libraries. On March 31, 2026, between 00:21 and 03:20 UTC, the attacker published Axios versions 1.14.1 and 0.30.4 carrying a new, malicious dependency named plain-crypto-js. That dependency acts as an obfuscated dropper that delivers the WAVESHAPER.V2 backdoor on Windows, macOS, and Linux.

Axios is the most popular JavaScript library for making HTTP requests; its two affected release lines account for over 100 million and 83 million weekly downloads respectively. After taking over a maintainer account, the attacker replaced the legitimate maintainer email with ifstap@proton.me. The malicious plain-crypto-js package declares a postinstall hook in its package.json, so merely installing a compromised Axios version silently executes a dropper script named setup.js; no code from Axios itself has to be imported or run.

"This attack demonstrates the persistent and evolving threat posed by North Korea-nexus actors, who are continuously refining their techniques to compromise the software supply chain," said Austin Larsen, a senior analyst at GTIG. "The use of WAVESHAPER.V2—an updated version of a backdoor previously tied to UNC1069—shows clear attribution."

Campaign Overview

GTIG attributes the attack to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018. The dropper, code-named SILKBELL, checks the operating system at runtime and deploys a platform-specific payload. It hides its command-and-control (C2) URLs and execution commands behind custom XOR and Base64 obfuscation, so those strings never appear in cleartext in the package and simple static signatures or grep-based scans do not match them.

Source: www.mandiant.com

Once the payload has been dropped, setup.js attempts to delete itself and restore package.json to its original state, removing the most obvious forensic traces from the installed package. As a consequence, the absence of setup.js or of the postinstall hook on a host is not evidence that the host was unaffected; the installed Axios version and the lockfile are the more reliable record. Windows, macOS, and Linux each have a separate execution path.

Malware Analysis

Windows Execution Path

On Windows, the dropper downloads and executes a secondary payload that establishes persistence and connects to the attacker's C2 server. According to GTIG, the payload relies on system-level APIs and fileless execution techniques to keep as little as possible on disk and evade detection.

macOS and Linux Execution Path

On macOS and Linux, the dropper uses shell commands to fetch and run the WAVESHAPER.V2 backdoor, which can exfiltrate data, execute arbitrary commands, and update itself.

"The cross-platform nature of this attack underscores the need for comprehensive endpoint detection and response across all operating systems," noted Dima Lenz, a threat researcher at GTIG. "Developers who installed the compromised Axios versions must act immediately."

Attribution to UNC1069

GTIG's analysis of infrastructure artifacts found overlaps with previous UNC1069 campaigns. The WAVESHAPER backdoor has been used by this group in earlier attacks targeting cryptocurrency exchanges and financial institutions. The updated variant, WAVESHAPER.V2, includes improved encryption and evasion capabilities.


Background: Axios and the Software Supply Chain

Axios is a critical dependency in millions of JavaScript projects, including those used by Fortune 500 companies. Supply chain attacks on NPM packages have become increasingly common, with threat actors compromising maintainer accounts to publish malicious versions of trusted packages. In 2021, similar account-takeover attacks hit the ua-parser-js and coa packages, affecting thousands of downstream projects.

The compromise of Axios is particularly alarming because of its ubiquity. It is used in applications built with React, Vue.js, and Angular, as well as in server-side Node.js services, and because the dropper runs at install time, even a brief window of compromise can infect every developer machine and build agent that installed the affected versions.

What This Means for Developers and Organizations

Organizations that installed Axios 1.14.1 or 0.30.4 are at risk. The version numbers, not the install time, are the reliable indicator: a registry mirror or CI cache may have served the malicious versions after the publishing window closed. The backdoor gives attackers persistent access, enabling data theft, lateral movement, and potentially ransomware deployment. Given UNC1069's financial motivation, stolen credentials and financial data are prime targets.

Developers should immediately audit their lockfiles (package-lock.json, and the equivalent yarn.lock or pnpm-lock.yaml) for the malicious dependency plain-crypto-js and for the two affected Axios versions. Affected projects should roll back to a clean version of Axios (e.g., 1.14.0 or 0.30.3), but a rollback only removes the dropper's entry point: any machine on which the compromised version was installed should be treated as compromised, and all secrets exposed to that environment rotated. Running installs with npm's --ignore-scripts option in CI prevents this class of postinstall dropper from executing at all, at the cost of breaking packages that legitimately need install scripts.

"This event is a stark reminder that open-source dependencies are a double-edged sword," said Adrian Hernandez, a solution architect at GTIG. "While they drive innovation, they also create an attack surface that adversaries are eager to exploit. Continuous monitoring and automated dependency scanning are no longer optional—they are mandatory."

GTIG has released indicators of compromise (IOCs) and detection rules to help defenders identify malicious activity. Organizations are urged to update their security tools and conduct thorough incident response reviews.
