Axios package cross-platform RAT delivery
Malware Activity
Summary
Hide ▲
Show ▼
A malicious Axios package payload now delivers a remote access trojan to Windows, macOS, and Linux hosts, creating cross-platform compromise risk. The infection begins with a post-install script that launches setup.js and contacts a C2 server for an OS-specific next stage. The resulting RAT can execute commands, maintain persistence, and enumerate directories, while the dropper removes itself to reduce forensic traces.
Related Happenings
Hades Bun-powered JavaScript stealer on PyPI
Malware Activity
H score34
First: 09.06.2026 12:13
Last: 09.06.2026 12:13
Sources 1
About this happening:
A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...
Hades Bun-powered JavaScript stealer on PyPI
Malware ActivityAbout this happening: A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...
TrapDoor trap-core.js credential-stealing package malware
Malware Activity
H score34
First: 25.05.2026 08:59
Last: 25.05.2026 08:59
Sources 1
About this happening:
The **TrapDoor** package malware is spreading across **npm, PyPI, and Crates.io**, putting **developer secrets, cloud credentials, SSH keys, and crypto wallets** at risk. The malw...
TrapDoor trap-core.js credential-stealing package malware
Malware ActivityAbout this happening: The **TrapDoor** package malware is spreading across **npm, PyPI, and Crates.io**, putting **developer secrets, cloud credentials, SSH keys, and crypto wallets** at risk. The malw...
Shai-Hulud worm clone activity on NPM
Malware Activity
H score69
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Shai-Hulud worm clone activity on NPM
Malware ActivityAbout this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Deadcode09284814 malicious npm packages delivering Phantom Bot and infostealers
Malware Activity
H score22
First: 18.05.2026 11:57
Last: 18.05.2026 11:57
Sources 1
About this happening:
Four **npm** packages published by **deadcode09284814** were found delivering **information-stealing malware** and **Phantom Bot** DDoS capability, putting installers at risk of *...
Deadcode09284814 malicious npm packages delivering Phantom Bot and infostealers
Malware ActivityAbout this happening: Four **npm** packages published by **deadcode09284814** were found delivering **information-stealing malware** and **Phantom Bot** DDoS capability, putting installers at risk of *...
WAVESHAPER.V2 trojanized Axios npm packages
Malware Activity
H score30
First: 03.04.2026 14:04
Last: 03.04.2026 14:04
Sources 1
About this happening:
The **WAVESHAPER.V2** implant was embedded in **trojanized Axios npm package releases**, creating downstream supply-chain risk for **npm users**. The malicious code was published...
WAVESHAPER.V2 trojanized Axios npm packages
Malware ActivityAbout this happening: The **WAVESHAPER.V2** implant was embedded in **trojanized Axios npm package releases**, creating downstream supply-chain risk for **npm users**. The malicious code was published...
Timeline
-
31.03.2026 16:53 2 articles · 3mo ago
Axios package cross-platform RAT delivery
Initial DisclosureThe first infection stage began when a malicious dependency was added to the Axios package and triggered during installation. The dropper then used operating-system detection to route hosts into different payload branches.
Show sources
- Hackers compromise Axios npm package to drop cross-platform malware — www.bleepingcomputer.com — 31.03.2026 16:53
- Hackers compromise Axios npm package to drop cross-platform malware — www.bleepingcomputer.com — 31.03.2026 16:53