Axios Gets 100 Million Downloads a Week. Today, Two Came With a Trojan.

Axios has approximately 100 million downloads a week. But today, two of those downloads came with a remote access trojan. The Hijack An unauthorized party gained access to the npm account of Axios's lead maintainer, jasonsaayman, and changed the registered email address. The attacker then published two backdoored versions of Axios: 1.14.1 and 0.30.4 . The Payload Instead of including the payload directly, the attacker packaged it within a dependency called plain-crypto-js . This dependency contained nothing useful — only a postinstallation script that executed a silent dropper on the weaponized releases of Axios to download the RAT. The attacker created an innocuous version of plain-crypto-js 18 hours before the attack started and published it to npm before the Axios releases were pushed. This was done to introduce the dependency to the registry. About an hour before the Axios releases, the attacker uploaded a new version of the dependency with the payload. The RAT The RAT reported to

Axios Gets 100 Million Downloads a Week. Today, Two Came With a Trojan.

Related Articles

The Real Cost of Abstractions in .NET

Stop Learning Frameworks — You’re Wasting Your Time

How to Self-Host n8n in 2026: VPS vs Managed Hosting (Full Comparison)

I Built a Mac App to Fix Android File Transfer — Here’s What I Learned

What I learned about X-HEEP by Benchmarking

Related Articles

How-To
The Real Cost of Abstractions in .NET
Medium Programming • 16m ago

How-To
Stop Learning Frameworks — You’re Wasting Your Time
Medium Programming • 1h ago

How-To
How to Self-Host n8n in 2026: VPS vs Managed Hosting (Full Comparison)
Dev.to • 1h ago

How-To
I Built a Mac App to Fix Android File Transfer — Here’s What I Learned
Medium Programming • 1h ago

How-To
What I learned about X-HEEP by Benchmarking
Medium Programming • 3h ago