Axios supply chain attack (Incident)
ID: c13fdfe6-6fcf-59d8-8d2e-8b7926c2bb31
STIX ID: report--c13fdfe6-6fcf-59d8-8d2e-8b7926c2bb31
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-03-31
Date Updated: 2026-05-01
Author: [email protected] (Wiz Threat Research)
Malicious versions of the npm package `axios` were published from a compromised maintainer account; they added a dependency on a trojanized package and included a dropper (`setup.js`) that downloaded platform-specific second-stage RATs from `sfrclak.com:8000`. The second-stage payloads (macOS Mach-O binary with code-signing capabilities, Windows PowerShell with registry persistence and re-download batch, and a Linux Python script) beaconed to the C2 every 60 seconds, provided remote shell and reconnaissance capabilities, and self-cleaned by restoring package.json and deleting the dropper after execution.