{
  "name": "Axios Front-End Library npm Supply Chain Poisoning Alert",
  "slug": "axios-front-end-library-npm-supply-chain-poisoning-alert",
  "description": "On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version with a Trojan backdoor through the npm CLI. When the user installs it, a persistent remote control will be established on the host. The impact is wide-ranging, and relevant users are requested to take measures for investigation and protection as soon as possible.",
  "published": "2026-04-01T13:16:21.862000+00:00",
  "created_at": "2026-04-01T15:26:22.644000+00:00",
  "modified_at": "2026-04-01T13:26:22+00:00",
  "created_at_opencti": "2026-04-01T15:26:22.644000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [
    "axios",
    "npm",
    "supply chain",
    "supply chain attack"
  ],
  "tags": [
    "2026-04-01",
    "axios",
    "npm",
    "supply chain attack",
    "supply-chain"
  ],
  "related_entities": {
    "indicators": [
      {
        "id": "ccd99c2c-a711-4468-9674-5d741d5ad695",
        "name": "sfrclak.com"
      },
      {
        "id": "d2f0d7b1-fade-475f-8b86-77d1948d5f93",
        "name": "http://sfrclak.com:8000/6202033"
      },
      {
        "id": "f3404dda-5d09-42dc-9908-c38995b6f2ab",
        "name": "callnrwise.com"
      }
    ],
    "observables": [
      {
        "id": "957dfc23-cd1b-4dcf-9ef7-df4ecc8ff370",
        "name": "callnrwise.com"
      },
      {
        "id": "682dccab-ce50-4ec5-8f34-2e32e63e11e3",
        "name": "sfrclak.com"
      },
      {
        "id": "462fcf4e-4a4e-4adf-a04f-1d89f87381f4",
        "name": "http://sfrclak.com:8000/6202033"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "sfrclak.com"
      },
      {
        "id": "",
        "name": "callnrwise.com"
      }
    ]
  },
  "external_refs": [
    {
      "id": "65029afa-a71f-4bd1-af55-674766453339",
      "standard_id": "external-reference--4133dc9d-f1ea-5199-9f51-12e8eb5860c0",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://nsfocusglobal.com/axios-front-end-library-npm-supply-chain-poisoning-alert/",
      "hash": null,
      "external_id": null,
      "created": "2026-04-01T15:26:22.586Z",
      "modified": "2026-04-01T15:26:22.586Z",
      "createdById": null
    },
    {
      "id": "c635a2dd-b8f0-4f93-b711-31f35ce3879c",
      "standard_id": "external-reference--4f7d158c-329e-5e31-a854-1ed28ec101dc",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/69cd1aa5d630ea626fc62588",
      "hash": null,
      "external_id": "69cd1aa5d630ea626fc62588",
      "created": "2026-04-01T15:26:22.539Z",
      "modified": "2026-04-01T15:26:22.539Z",
      "createdById": null
    }
  ]
}