North Korean actors compromise Axios npm package in supply chain attack affecting 100M weekly downloads
Tags Security · OSS
On March 31, 2026, two malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published through the lead maintainer's compromised account. The attacker ran a roughly two-week social engineering campaign (a fake Slack workspace, a cloned company identity, and a fake Teams call) to get a remote access trojan (RAT) installed on the maintainer's machine. The malicious versions injected a phantom dependency, 'plain-crypto-js', that dropped a cross-platform backdoor (WAVESHAPER.V2) targeting macOS, Windows, and Linux. Google attributed the attack to UNC1069 and Microsoft to Sapphire Sleet, both North Korean state-sponsored groups. Axios sees roughly 100 million weekly downloads; the malicious versions were live for approximately 3 hours. The attacker bypassed OIDC Trusted Publishing by using a long-lived NPM_TOKEN. The incident is part of the broader TeamPCP campaign, which also compromised Trivy, KICS, and LiteLLM.
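A first triage step for a defender is to check whether any project lockfile resolved one of the two affected Axios versions or pulled in the phantom 'plain-crypto-js' dependency named above. The script below is an added example written for this page, not code from the Axios project or the original article. It walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and reports matches; the sample lockfile embedded in it is constructed for illustration, including its version ranges, and is not a real captured artifact.

```javascript
// Added example (not from the original article): scan an npm lockfile for the
// Axios versions and phantom dependency named in the incident summary.
// Handles lockfileVersion 2/3, whose "packages" map is keyed by install path.

const AFFECTED_AXIOS_VERSIONS = new Set(['1.14.1', '0.30.4']); // versions named in the summary
const PHANTOM_DEPENDENCY = 'plain-crypto-js';                   // phantom dependency named in the summary

// Derive the package name from a lockfile install path, e.g.
// "node_modules/some-lib/node_modules/axios" -> "axios",
// "node_modules/@scope/pkg" -> "@scope/pkg".
function packageNameFromPath(lockPath) {
  const parts = lockPath.split('node_modules/');
  return parts[parts.length - 1];
}

// Accepts either the parsed lockfile object or its raw JSON text.
// Returns one finding per match: { path, name, version, reason }.
function scanLockfile(lockfileJson) {
  const lock = typeof lockfileJson === 'string' ? JSON.parse(lockfileJson) : lockfileJson;
  const findings = [];
  const packages = lock.packages || {};

  for (const [lockPath, entry] of Object.entries(packages)) {
    if (lockPath === '') continue; // the root project entry, not an installed package
    const name = packageNameFromPath(lockPath);
    const version = entry.version;

    if (name === 'axios' && AFFECTED_AXIOS_VERSIONS.has(version)) {
      findings.push({ path: lockPath, name, version, reason: 'affected axios version' });
    }
    if (name === PHANTOM_DEPENDENCY) {
      findings.push({ path: lockPath, name, version, reason: 'phantom dependency present' });
    }
    // Also flag any package whose declared dependencies reference the phantom package,
    // so a match shows even if the package itself was pruned from node_modules.
    const declared = { ...(entry.dependencies || {}), ...(entry.optionalDependencies || {}) };
    if (PHANTOM_DEPENDENCY in declared) {
      findings.push({ path: lockPath, name, version, reason: `declares dependency on ${PHANTOM_DEPENDENCY}` });
    }
  }
  return findings;
}

// Constructed sample lockfile (illustrative only; ranges and tree shape are made up).
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': {
      version: '1.14.1',
      dependencies: { 'plain-crypto-js': '^1.0.0', 'follow-redirects': '^1.15.6' },
    },
    'node_modules/plain-crypto-js': { version: '1.0.0' },
    'node_modules/follow-redirects': { version: '1.15.6' },
    // A nested, unaffected Axios copy: must not be reported.
    'node_modules/some-lib/node_modules/axios': { version: '1.13.0' },
  },
};

// Stand-alone run: print the findings for the constructed sample.
console.log(JSON.stringify(scanLockfile(SAMPLE_LOCKFILE), null, 2));
```

To run it against a real project, pass the file contents instead of the sample, e.g. `scanLockfile(fs.readFileSync('package-lock.json', 'utf8'))`. Note that the scan only covers what the lockfile recorded; it says nothing about a machine that ran `npm install` during the exposure window without committing the resulting lock, so lockfile hits are a starting point for investigation, not the full blast radius.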