Axios NPM Package Breached: North Korea-Linked Hackers Deploy WAVESHAPER Backdoor in Widespread Supply Chain Attack

Breaking: Critical JavaScript Library Compromised

March 31, 2026 — Google Threat Intelligence Group (GTIG) has detected an active software supply chain attack targeting the widely used JavaScript library axios, the most popular NPM package for HTTP requests. An attacker inserted a malicious dependency named plain-crypto-js into axios release versions 1.14.1 and 0.30.4, affecting systems running Windows, macOS, and Linux.

Axios NPM Package Breached: North Korea-Linked Hackers Deploy WAVESHAPER Backdoor in Widespread Supply Chain Attack
Source: www.mandiant.com

The malicious package is a highly obfuscated dropper that deploys the WAVESHAPER.V2 backdoor, an updated variant previously linked to the North Korea-nexus threat actor UNC1069. With axios averaging over 100 million weekly downloads for version 1.x and 83 million for version 0.x, the potential blast radius is enormous.

Attack Timeline and Mechanism

Between 00:21 and 03:20 UTC on March 31, 2026, attackers compromised the axios package maintainer account, changing the associated email to an attacker-controlled address (ifstap@proton.me). They then introduced plain-crypto-js version 4.2.1 as a dependency.

“The threat actor exploited a compromised maintainer account to inject the malicious dependency into trusted releases,” said GTIG researchers in a technical analysis. “The postinstall hook in package.json triggers silent execution of an obfuscated JavaScript dropper named setup.js.”

Malware Analysis: SILKBELL Dropper

The dropper, internally tracked as SILKBELL (SHA256: e10b1fa84f...), uses custom XOR and Base64 obfuscation to conceal its command-and-control (C2) URL and platform-specific payloads. It dynamically loads Node.js modules (fs, os, execSync) to evade static analysis.

Upon execution, SILKBELL identifies the operating system and deploys the appropriate WAVESHAPER.V2 backdoor. After delivery, it attempts to self-delete and revert package.json to hide traces of the attack.

Operating System-Specific Execution

The dropper contains distinct execution paths for each platform:

Background: UNC1069 and the WAVESHAPER Backdoor

UNC1069 is a financially motivated threat actor with ties to North Korea, active since at least 2018. The group has historically targeted cryptocurrency exchanges and financial institutions, using custom backdoors like the original WAVESHAPER. The updated V2 variant seen in this attack includes improved evasion capabilities and cross-platform support.


GTIG identified overlaps in infrastructure artifacts between this campaign and previous UNC1069 operations, strengthening the attribution. “The use of WAVESHAPER.V2 and the specific obfuscation techniques are consistent with this group’s modus operandi,” the researchers added.

What This Means for Developers and Organizations

Any project using axios versions 1.14.1 or 0.30.4 is potentially compromised. Immediate action is required: roll back to a known safe version (e.g., 1.14.0 or 0.30.3) and run a full security audit. The malicious dependency may have already established backdoor access on affected systems.

“This is one of the most serious supply chain attacks targeting the JavaScript ecosystem this year,” said Austin Larsen, a GTIG analyst. “Given the massive adoption of axios, we urge all maintainers and developers to verify their lock files and scrutinize any recent dependency changes.”

Actionable Defense Guidance

GTIG recommends the following immediate steps:

  1. Check package-lock.json or yarn.lock for the presence of plain-crypto-js at any version.
  2. Use npm audit to identify vulnerable packages.
  3. Rotate all secrets (API keys, tokens) that may have been exposed on affected machines.
  4. Monitor for suspicious outbound connections to IPs associated with the C2 infrastructure.
  5. Apply updates once a patched axios version is released.
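Steps 1 and 2 above, together with the postinstall hook described earlier, can be checked mechanically. The following Node.js script is an added example written for this article, not GTIG's tooling or anything shipped with axios. It scans a package-lock.json (lockfile v1, v2 or v3) and a classic yarn.lock for plain-crypto-js at any version and for the two compromised axios versions, reports lockfile entries that npm has marked as carrying install scripts, and flags preinstall/install/postinstall hooks in a package manifest. The sample lockfile, yarn.lock and manifest embedded below are constructed for the demo; the `node setup.js` command is an assumed stand-in for whatever the real hook ran.

```javascript
// Added example for this article (not GTIG or axios code): lockfile and manifest
// checks for the indicators named in the report. All sample data is constructed.

// Indicators from the report: plain-crypto-js at any version, axios 1.14.1 / 0.30.4.
const COMPROMISED = {
  "plain-crypto-js": null, // null = every version is an indicator
  axios: new Set(["1.14.1", "0.30.4"]),
};

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Record a hit when (name, version) matches the indicator table.
function check(name, version, where, hits) {
  if (!(name in COMPROMISED)) return;
  const bad = COMPROMISED[name];
  if (bad === null || bad.has(version)) hits.push({ name, version, where });
}

// lockfileVersion 1 nests packages under "dependencies"; walk it recursively.
function walkV1(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps)) {
    const where = prefix + "node_modules/" + name;
    check(name, meta.version, where, hits);
    if (meta.dependencies) walkV1(meta.dependencies, where + "/", hits);
  }
}

// Scan a package-lock.json object or string; returns [{name, version, where}].
function findInPackageLock(lockJson) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue;
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      check(name, meta.version, path, hits);
    }
  } else {
    walkV1(lock.dependencies || {}, "", hits);
  }
  return hits;
}

// npm records hasInstallScript for packages whose install runs a lifecycle hook;
// list them so new install-time code in the tree gets reviewed (lockfile v2/v3).
function packagesWithInstallScripts(lockJson) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path && meta.hasInstallScript)
    .map(([path, meta]) => ({ where: path, version: meta.version }));
}

// Scan classic yarn.lock text: unindented "name@range:" headers followed by an
// indented 'version "x.y.z"' line.
function findInYarnLock(text) {
  const hits = [];
  let current = null;
  for (const raw of text.split("\n")) {
    if (!raw.trim() || raw.startsWith("#")) continue;
    if (!raw.startsWith(" ") && raw.trimEnd().endsWith(":")) {
      const spec = raw.trimEnd().slice(0, -1).split(",")[0].trim().replace(/^"|"$/g, "");
      const at = spec.lastIndexOf("@"); // > 0 so scoped names (@org/pkg) survive
      current = at > 0 ? spec.slice(0, at) : spec;
      continue;
    }
    const m = raw.match(/^\s+version\s+"?([^"\s]+)"?/);
    if (m && current) { check(current, m[1], current, hits); current = null; }
  }
  return hits;
}

// Flag install-time lifecycle hooks in a package.json (the dropper ran from postinstall).
function installHooks(pkgJson) {
  const pkg = typeof pkgJson === "string" ? JSON.parse(pkgJson) : pkgJson;
  const scripts = pkg.scripts || {};
  return LIFECYCLE_HOOKS.filter((k) => k in scripts)
    .map((k) => ({ name: pkg.name, hook: k, command: scripts[k] }));
}

// ---- constructed sample inputs (not real lockfiles from any project) ----
const SAMPLE_PACKAGE_LOCK = {
  name: "demo-app", lockfileVersion: 3, requires: true,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.1" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/some-other-dep": { version: "2.0.0" },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
  },
};

const SAMPLE_YARN_LOCK = `# yarn lockfile v1

axios@^1.14.1:
  version "1.14.1"
  dependencies:
    plain-crypto-js "4.2.1"

plain-crypto-js@4.2.1:
  version "4.2.1"
`;

// Assumed manifest shape; "node setup.js" is a placeholder for the real hook command.
const SAMPLE_MANIFEST = { name: "plain-crypto-js", version: "4.2.1", scripts: { postinstall: "node setup.js" } };

console.log("package-lock hits:", findInPackageLock(SAMPLE_PACKAGE_LOCK));
console.log("install-script packages:", packagesWithInstallScripts(SAMPLE_PACKAGE_LOCK));
console.log("yarn.lock hits:", findInYarnLock(SAMPLE_YARN_LOCK));
console.log("lifecycle hooks:", installHooks(SAMPLE_MANIFEST));
```

To run it against a real project, pass the contents of its lockfile (read with fs) to the matching function; a non-empty result from `findInPackageLock` or `findInYarnLock` means the tree pulled the indicator package or a compromised axios version and the machine should be handled as an incident per the guidance above, while `packagesWithInstallScripts` and `installHooks` give the list of install-time code worth reviewing on any dependency update.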

GTIG has shared indicators of compromise (IOCs), including the malicious package SHA256 hash and C2 URLs, with major security vendors. The research team continues to monitor for further developments.

Conclusion

The compromise of axios underscores the growing sophistication of supply chain attacks. Developers must treat every dependency update with extreme caution, especially those affecting critical infrastructure packages. Organizations using affected versions should treat this as a critical incident and respond accordingly.
