Tech Mar 31, 2026 updated 10 min Axios with 100 million weekly downloads was hijacked by npm and a cross-platform RAT was launched A fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion. Security npm Supply Chain Malware RAT
