TechMar 31, 2026updated11 minAxios with 100 million weekly downloads was hijacked by npm and a cross-platform RAT was launchedA fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion.SecuritynpmSupply ChainMalwareRAT