Axios npm Hack Used Fake Teams Error Fix to Hijack Maintainer Account

The Axios HTTP client post-mortem reveals North Korean threat actors used a ClickFix-style fake Microsoft Teams error message to socially engineer a package maintainer into executing malicious code, granting attackers npm publish access.

Dylan H.

News Desk

April 4, 2026
4 min read

The Axios Supply Chain Attack Post-Mortem

The maintainers of Axios, one of the most widely downloaded JavaScript HTTP client libraries, have published a detailed post-mortem describing how threat actors attributed to North Korea managed to compromise a developer's account and briefly poison the npm package used by millions of applications.

The incident, which unfolded in late March 2026, is a textbook example of a ClickFix-style social engineering attack adapted for the open-source developer supply chain—and it worked.

How the Attack Played Out

According to the post-mortem, a developer with publish access to the axios npm package received what appeared to be an error dialog from Microsoft Teams claiming that the application had encountered an issue and needed the user to paste a PowerShell command into a terminal to resolve it. This technique, known as ClickFix, has become increasingly prevalent since 2024 as attackers pivot away from malicious attachments toward tricking victims into self-executing malicious payloads.

The fake Teams error message was delivered via a spear-phishing email tailored to the developer's profile—referencing realistic project details and mimicking Microsoft's visual design with near-perfect fidelity. Once the developer executed the provided command, it silently:

  1. Harvested stored browser credentials and session tokens
  2. Exfiltrated npm authentication tokens from the developer's local npm configuration
  3. Established a reverse shell callback to attacker infrastructure

With the stolen npm token, the threat actors published a trojanized version of the axios package that contained a secondary payload designed to steal environment variables and CI/CD secrets from any system that installed it—targeting downstream developer and build environments.

Attribution to North Korea

Google's Threat Intelligence Group (GTIG), working in coordination with the Axios security team, attributed the attack to UNC1069, the North Korean threat cluster already named when the Axios npm compromise was first announced on April 1, 2026. The group's modus operandi—targeting high-value open-source package maintainers with ClickFix lures to obtain npm or PyPI publish credentials—aligns with a broader DPRK campaign to monetize supply chain access and gather intelligence from developer environments.

This incident follows earlier UNC1069 operations including a trojanized Zoom client used to target cryptocurrency platforms, and a fake airdrop attack against Web3 developers.

Scope and Impact

The malicious Axios version was live on npm for approximately four hours before the tampering was detected and the package was yanked. During that window, automated dependency updates and CI/CD pipelines at an unknown number of organizations pulled the compromised version. The Axios team estimates the exposure window was sufficient for:

  • Thousands of fresh npm install or npm update runs to fetch the malicious package
  • Any CI/CD pipeline with a loose version constraint (^latest, >=1.x) to automatically ingest the payload
  • Developer laptops running npm install against projects with unlocked package-lock.json files to be affected

Organizations that pulled a fresh node_modules install between the compromise and its remediation should treat their build environments as potentially compromised.

Defending Against ClickFix Attacks

ClickFix represents a significant evolution in phishing because it bypasses traditional email attachment filtering and endpoint detection—the victim's own hands execute the payload. Effective mitigations include:

  • Restrict the PowerShell execution policy for interactive users — enforce AllSigned or RemoteSigned so unsigned script files cannot run; note that execution policy governs script files, not commands pasted into an interactive console, so it must be paired with the controls below
  • Deploy application allowlisting — prevent arbitrary process spawning from productivity applications like Teams or Slack
  • Use hardware-backed MFA for npm/registry accounts — stolen session tokens become useless if publish requires FIDO2 verification
  • Enable npm provenance attestation — packages signed via SLSA/Sigstore allow downstream consumers to verify the build chain before installation
  • Monitor for anomalous npm token usage — alert on publish events from unexpected IP ranges or user agents
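As an added illustration of the last mitigation (not code from the Axios post-mortem or the axios project), the following flags publish events whose source IP falls outside an allowlist of CI egress ranges or whose user agent is not the pinned CI npm client. The event records, the allowlist and the field names are constructed assumptions about an exported audit log, not a real registry format.

```javascript
// Added example: anomaly check over npm publish events.
// Assumptions (constructed): events are JSON lines with ts/action/package/version/ip/ua;
// CI publishes only from the listed egress ranges (RFC 5737 documentation addresses here)
// and only with a pinned npm client whose user agent starts with EXPECTED_UA_PREFIX.
const ALLOWED_CIDRS = ["203.0.113.0/24", "198.51.100.0/25"];
const EXPECTED_UA_PREFIX = "npm/10.";

// Constructed sample export; version strings are placeholders, not real releases.
const SAMPLE_EVENTS = [
  '{"ts":"2026-03-30T01:58:12Z","action":"publish","package":"axios","version":"1.x-placeholder","ip":"203.0.113.44","ua":"npm/10.5.0 node/v20.11.1 linux x64"}',
  '{"ts":"2026-03-30T02:11:03Z","action":"publish","package":"axios","version":"1.y-placeholder","ip":"192.0.2.77","ua":"npm/10.2.4 node/v18.19.0 win32 x64"}',
  '{"ts":"2026-03-30T02:12:40Z","action":"publish","package":"axios","version":"1.z-placeholder","ip":"203.0.113.9","ua":"Mozilla/5.0"}',
].join("\n");

// Dotted-quad IPv4 to unsigned 32-bit integer; null on malformed input.
function ipv4ToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return ((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
}

// True when ip lies inside the CIDR block (IPv4 only).
function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const a = ipv4ToInt(ip);
  const n = ipv4ToInt(net);
  if (a === null || n === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((n & mask) >>> 0);
}

// Returns one record per publish event with the reasons it should raise an alert.
function flagPublishEvents(jsonl, allowedCidrs, uaPrefix) {
  return jsonl.split("\n").filter(Boolean).map((line) => JSON.parse(line))
    .filter((e) => e.action === "publish")
    .map((e) => {
      const reasons = [];
      if (!allowedCidrs.some((c) => inCidr(e.ip, c))) reasons.push("ip-outside-allowlist");
      if (typeof e.ua !== "string" || !e.ua.startsWith(uaPrefix)) reasons.push("unexpected-user-agent");
      return { ts: e.ts, version: e.version, ip: e.ip, alert: reasons.length > 0, reasons };
    });
}

console.log(flagPublishEvents(SAMPLE_EVENTS, ALLOWED_CIDRS, EXPECTED_UA_PREFIX));
```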

Recommendations for the Axios Incident

  1. Audit your dependency lock files — check package-lock.json or yarn.lock for any axios version published on or around March 28–April 1, 2026
  2. Rotate all secrets in any environment that ran an npm install during the exposure window—API keys, database credentials, cloud provider tokens
  3. Review CI/CD pipeline logs for outbound connections to unfamiliar IP addresses following a build in the affected timeframe
  4. Re-run builds from clean environments using a pinned, known-good axios version
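The first recommendation, carried out as an added example (not code from the Axios post-mortem or the axios project): walk a package-lock.json, collect every axios entry including nested copies, and flag any whose publish time falls inside the March 28–April 1, 2026 window named above. The lockfile and the publish-time map are constructed here; in practice the lockfile is read from disk and the publish times come from `npm view axios time --json`. The version inside the window is a placeholder, not a real compromised release.

```javascript
// Added example: audit a package-lock.json for axios versions published in the exposure window.
const EXPOSURE_START = new Date("2026-03-28T00:00:00Z");
const EXPOSURE_END = new Date("2026-04-01T23:59:59Z");

// Constructed sample in lockfileVersion 3 layout, with one nested copy of axios
// under a transitive dependency. "1.99.0-placeholder" is NOT a real axios release.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.6.0" } },
    "node_modules/axios": { version: "1.6.8", resolved: "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.99.0-placeholder", resolved: "https://registry.example/placeholder.tgz" },
  },
});

// Constructed map in the shape `npm view axios time --json` returns (version -> ISO publish time).
const SAMPLE_TIMES = {
  created: "2014-08-29T00:00:00.000Z",
  modified: "2026-04-01T12:00:00.000Z",
  "1.6.8": "2024-03-15T10:00:00.000Z",
  "1.99.0-placeholder": "2026-03-30T02:11:00.000Z",
};

// Collect every axios entry: v2/v3 lockfiles list all paths under "packages";
// v1 lockfiles nest transitive copies under "dependencies", so walk recursively.
function collectAxiosEntries(lock) {
  const found = [];
  const record = (path, meta) => found.push({ path, version: meta.version, resolved: meta.resolved || null });
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "node_modules/axios" || path.endsWith("/node_modules/axios")) record(path, meta);
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios") record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Status per entry: "in-exposure-window", "unknown-version" (not in the registry's time map), or "ok".
function auditLock(lockJson, publishTimes) {
  return collectAxiosEntries(JSON.parse(lockJson)).map((entry) => {
    const published = publishTimes[entry.version] || null;
    let status = "ok";
    if (!published) status = "unknown-version";
    else if (new Date(published) >= EXPOSURE_START && new Date(published) <= EXPOSURE_END) status = "in-exposure-window";
    return { ...entry, published, status };
  });
}

console.log(auditLock(SAMPLE_LOCK, SAMPLE_TIMES));
```

Any entry reported as in-exposure-window or unknown-version is the trigger for steps 2 to 4 above: rotate the secrets of every environment that installed it and rebuild from a clean environment on a pinned, known-good version.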

References

  • BleepingComputer — Axios npm hack used fake Teams error fix to hijack maintainer account
  • Google GTIG — Axios npm supply chain attack attributed to UNC1069
  • CosmicBytez Labs — Axios npm Package Breached in North Korean Supply Chain Attack