Axios, the HTTP client that ships inside hundreds of millions of JavaScript projects, was compromised through a supply chain attack that did not exploit any technical vulnerability in the codebase. The attacker built a fake company from scratch, created a Slack workspace with fake employees and realistic channels, then scheduled a Microsoft Teams meeting. During that call, the maintainer was told something on their machine was outdated and clicked through what looked like a system update. It was a Remote Access Trojan. Credentials stolen, malicious package published.
The attack closely mirrors techniques documented by Google in reporting on the UNC1069 threat actor group. What makes this notable is the targeting: Axios was specifically chosen because of its adoption footprint, and the social engineering was built around a single individual rather than a mass phishing campaign. This is not script-kiddie territory. The attackers created infrastructure, maintained a persona over time, and exploited the specific pressures that open source maintainers work under: “the time constraint means I always click yes to things as quickly as possible.”
The practical security lesson here is not about password managers or two-factor authentication. Those things help, but they would not have stopped this. The attack worked by making urgency feel legitimate. A meeting already in progress, a technical-looking prompt, time pressure. The actual payload delivery bypassed everything because the human at the other end was socially primed to comply. This is the same technique used in corporate fraud, just applied to open source infrastructure.
For anyone maintaining a package with meaningful download counts: the threat model has changed. A targeted attacker will not try to find a CVE in your code. They will find your LinkedIn, build a plausible pretext, get you on a call, and wait for you to install something. The appropriate response is treating any unsolicited “your software is outdated” prompt during a screen-share as a red flag, regardless of how legitimate the meeting context feels. Maintainers of critical packages should also consider whether publishing credentials are scoped as narrowly as possible, so that a compromised session cannot push to npm without additional confirmation steps.
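One concrete way to scope publishing so that a compromised maintainer machine cannot push to npm on its own, as an added example (not code from this post or from the Axios project): a GitHub Actions release workflow that uses npm trusted publishing over OIDC, so no long-lived npm token exists on the laptop or in repository secrets. It assumes the package has been linked to this repository and workflow as a trusted publisher on npmjs.com, that releases are cut by pushing a `v*` tag, and that an environment named `npm-release` exists with required reviewers configured.

```yaml
# Added example, not from the post or the Axios project: publish to npm with
# OIDC trusted publishing so a stolen laptop session holds nothing that can publish.
# Assumptions: package linked as a trusted publisher on npmjs.com for this
# repo/workflow; releases tagged v*; environment "npm-release" exists.
name: publish

on:
  push:
    tags: ["v*"]

permissions:
  contents: read
  id-token: write   # lets the job mint a short-lived OIDC token for npm

jobs:
  publish:
    runs-on: ubuntu-latest
    # Assumed environment: configure required reviewers on it so a publish
    # needs a second human approval, not just a push from one account.
    environment: npm-release
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # Trusted publishing needs a recent npm CLI (11.5.1 or later).
      - run: npm install -g npm@latest

      - run: npm ci
      - run: npm test

      # No NODE_AUTH_TOKEN is set anywhere: the CLI exchanges the job's OIDC
      # identity for a one-time publish credential and attaches a provenance
      # attestation linking the tarball to this commit and workflow.
      - run: npm publish --provenance --access public
```

Downstream consumers can run `npm audit signatures` to confirm that installed versions carry registry signatures and provenance attestations, which a package published from a compromised laptop with a stolen token would lack.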
The reality is that open source security posture is largely voluntary and under-resourced. Most maintainers are individuals doing this on their own time. Sophisticated, targeted social engineering campaigns are expensive to run, but they remain cost-effective when the target controls something with 50 million weekly downloads. Axios is a wake-up call for the broader ecosystem, not a one-off incident.