Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross-platform RAT. We are actively investigating and will update this post with a full technical analysis.

Ashish Kurmi, March 31, 2026

On March 31, 2026, StepSecurity identified two malicious versions of the widely used axios HTTP client library published to npm: axios@1.14.1 and axios@0.30.4. Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project’s normal GitHub Actions…
