Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios package distributed through the node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.
On March 31, two versions of the Axios npm package, axios[@]1.14.1 and axios[@]0.30.4, had the malicious dependency plain-crypto-js[@]4.2.1 injected into them; that dependency downloads multi-stage payloads from cyber threat actor infrastructure, including a remote access trojan.
CISA urges organizations to implement the recommendations listed in the alert to detect and remediate a potential compromise.
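One way to check a project for the indicators named above, as an added example that is not part of the CISA alert: the function scans a parsed package-lock.json for the axios versions and the plain-crypto-js version listed in the alert, covering both the flat "packages" map of lockfile v2/v3 and the nested "dependencies" tree of v1. The sample lockfile is constructed for the example.

```javascript
// Added example, not from the CISA alert: scan an npm lockfile for the axios
// versions and the plain-crypto-js dependency named in the alert.
const INDICATORS = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b"; the
// package name is everything after the last "node_modules/".
function packageName(lockKey) {
  const marker = "node_modules/";
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? lockKey : lockKey.slice(idx + marker.length);
}

function check(name, version, path, hits) {
  const bad = INDICATORS[name];
  if (bad && bad.has(version)) hits.push({ name, version, path });
}

// Returns [{ name, version, path }] for every indicator match in a parsed lockfile.
function findCompromised(lockfile) {
  const hits = [];
  for (const [key, meta] of Object.entries(lockfile.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    check(packageName(key), meta.version, key, hits);
  }
  // Lockfile v1 nests transitive dependencies; v2 carries both shapes, so only
  // walk "dependencies" when no "packages" map is present (avoids double counting).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix ? `${prefix} > ${name}` : name;
      check(name, meta.version, path, hits);
      walk(meta.dependencies, path);
    }
  };
  if (!lockfile.packages) walk(lockfile.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3) with the alert's indicators planted in it.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
};

console.log(findCompromised(SAMPLE_LOCK_V3));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findCompromised`; `npm ls axios plain-crypto-js` gives a quick view of the installed tree as well.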
Disclaimer
The information in this report is being provided as is for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.