Find notable cyber news and cases, enriched with sources, timelines, and signals.

Axios package cross-platform RAT delivery

Malware Activity
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

A malicious Axios package payload now delivers a remote access trojan to Windows, macOS, and Linux hosts, creating cross-platform compromise risk. The infection begins with a post-install script that launches setup.js and contacts a C2 server for an OS-specific next stage. The resulting RAT can execute commands, maintain persistence, and enumerate directories, while the dropper removes itself to reduce forensic traces.

Related Happenings

Hades Bun-powered JavaScript stealer on PyPI

Malware Activity
H score34 First: 09.06.2026 12:13 Last: 09.06.2026 12:13 Sources 1

About this happening: A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...

TrapDoor trap-core.js credential-stealing package malware

Malware Activity
H score34 First: 25.05.2026 08:59 Last: 25.05.2026 08:59 Sources 1

About this happening: The **TrapDoor** package malware is spreading across **npm, PyPI, and Crates.io**, putting **developer secrets, cloud credentials, SSH keys, and crypto wallets** at risk. The malw...

Shai-Hulud worm clone activity on NPM

Malware Activity
H score69 First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Deadcode09284814 malicious npm packages delivering Phantom Bot and infostealers

Malware Activity
H score22 First: 18.05.2026 11:57 Last: 18.05.2026 11:57 Sources 1

About this happening: Four **npm** packages published by **deadcode09284814** were found delivering **information-stealing malware** and **Phantom Bot** DDoS capability, putting installers at risk of *...

WAVESHAPER.V2 trojanized Axios npm packages

Malware Activity
H score30 First: 03.04.2026 14:04 Last: 03.04.2026 14:04 Sources 1

About this happening: The **WAVESHAPER.V2** implant was embedded in **trojanized Axios npm package releases**, creating downstream supply-chain risk for **npm users**. The malicious code was published...

Timeline

  1. 31.03.2026 16:53 2 articles · 3mo ago

    Axios package cross-platform RAT delivery

    Initial Disclosure

    The first infection stage began when a malicious dependency was added to the Axios package and triggered during installation. The dropper then used operating-system detection to route hosts into different payload branches.

    Show sources