
Supply Chain Compromise of axios npm Package

ID: 169c8a1c-16b4-520b-81ad-1e56a7a09af1

STIX ID: report--169c8a1c-16b4-520b-81ad-1e56a7a09af1

Feed Name: Huntress Blog

Threat Score
92/100

Date Published: 2026-03-31

Date Updated: 2026-04-28

...
...

**Executive summary:** Huntress investigated a coordinated supply-chain compromise of the widely used axios npm package. For roughly 3 hours, the backdoored axios releases pulled in a malicious dependency ([email protected]) that executed a cross-platform RAT on any system that installed them. The RAT performed credential and filesystem reconnaissance, beaconed to its C2 (sfrclak.com:8000) every 60 seconds, supported remote commands including in-memory .NET injection, and established persistence on Windows and macOS. The report provides a technical analysis of the droppers and the RAT, IOCs (package hashes, binaries, domain/IP, file paths, registry keys), remediation steps (rebuild infected hosts, rotate credentials, pin safe axios versions, block the C2), and notes ties to a DPRK-linked cluster.
