Wiz Research — Axios npm Supply Chain Compromise Delivers Cross-Platform RAT

AI relevance: Axios is extensively used in AI/ML applications for API calls, data fetching, model serving, and external service integration. This supply chain attack directly impacts AI infrastructure security, demonstrating how critical dependencies in AI toolchains can become attack vectors for compromising entire ML pipelines and data processing systems.

  • Attack Vector: Compromised npm maintainer account published malicious axios versions v1.14.1 and v0.30.4
  • Malicious Dependency: Introduces plain-crypto-js@4.2.1 trojan package
  • Impact Scale: Axios used in ~80% of cloud/code environments with ~100M weekly downloads
  • Platform Coverage: Cross-platform RAT targeting Windows, macOS, and Linux systems
  • Detection Bypass: npm audit returns "no issues found" due to novel attack method
  • C2 Infrastructure: Beaconing to sfrclak.com:8000 every 60 seconds
  • Execution Observed: 3% of affected environments already executed malicious code

Why it matters

AI/ML applications heavily rely on HTTP client libraries like axios for model inference APIs, data pipeline integration, and external service communication. This supply chain compromise demonstrates how attackers can target foundational infrastructure components that underpin modern AI systems. The attack's success in bypassing standard security tools like npm audit highlights systemic vulnerabilities in dependency management for AI development workflows.

What to do

  • Immediately audit for axios versions v1.14.1 and v0.30.4 in all environments
  • Check for plain-crypto-js@4.2.1 dependency in package manifests
  • Monitor network traffic to sfrclak.com:8000 and related domains
  • Implement software bill of materials (SBOM) and dependency scanning
  • Use tools like Socket.dev or Snyk for deeper supply chain analysis
  • Consider pinning dependencies with exact versions and hash verification
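
One way to run the first two checks above against a lockfile, as an added example (not code from Wiz or the axios project): the function takes a parsed package-lock.json and reports every entry matching the versions named in this brief. The names findCompromised, BAD and SAMPLE_LOCK are hypothetical, and the sample lockfile is constructed.

```javascript
// Versions taken from the brief above.
const BAD = new Map([
  ["axios", ["1.14.1", "0.30.4"]],
  ["plain-crypto-js", ["4.2.1"]],
]);

function isBad(name, version) {
  return BAD.has(name) && BAD.get(name).includes(version);
}

// lock: the object produced by JSON.parse on a package-lock.json.
// Returns [{ name, version, where }] for each matching entry.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue;
      // meta.name is only present for aliased installs; otherwise derive it
      // from the last node_modules/ segment (keeps "@scope/pkg" intact).
      const name = meta.name || path.split("node_modules/").pop();
      if (isBad(name, meta.version)) {
        hits.push({ name, version: meta.version, where: path });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (isBad(name, meta.version)) {
        hits.push({ name, version: meta.version, where: here.join(" > ") });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile fragment (not real registry data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};
```

Call it with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and fail the CI job when the returned array is non-empty.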

Sources