Axios npm Compromise Exposes Coordinated Supply Chain Attacks on Node.js Maintainers

CyberSecureFox

The recent Axios npm compromise has turned out not to be an isolated incident but part of a coordinated software supply chain attack targeting key Node.js and npm maintainers. A detailed account from Axios maintainer Jason Saayman and analysis by security company Socket show a well-prepared social engineering campaign that uses fake corporate video calls to deploy a remote access trojan (RAT) on developers’ machines.

Coordinated npm supply chain attack targeting Axios and Node.js

Attackers gained control of Saayman’s npm account and published two malicious Axios versions: 1.14.1 and 0.30.4. When installed, these versions dropped a RAT identified as WAVESHAPER.V2 onto developer workstations. From there, the attackers could steal credentials and potentially tamper with downstream projects, creating a classic software supply chain threat with a wide blast radius.

How attackers compromised the Axios maintainer account

From fake company profile to convincing Slack workspace

The intrusion began with impersonation of a legitimate company. Adversaries cloned the brand identity of a well-known organization and invited Saayman into what appeared to be a genuine corporate Slack workspace. The environment looked convincing: channels with “news” pulled from LinkedIn, realistic employee profiles, and even fake maintainers from other open-source projects, all designed to build trust over time.

Abusing Microsoft Teams with a fake update prompt

The next stage was a scheduled Microsoft Teams video call. During connection, Saayman saw a plausible error message claiming that some components were outdated and required an immediate update. The “updater” offered by the attackers was in fact a remote access trojan. Once executed, it gave them control over the workstation, allowing theft of npm credentials and publication of backdoored Axios releases.

Attribution to UNC1069 and the “fake video call update” technique

According to the Google Threat Intelligence Group, this attack aligns with activity from UNC1069, a financially motivated threat group linked to North Korea and active since at least 2018. A hallmark of this group is the use of fake video call errors followed by prompts to install “updates” for platforms like Zoom or Teams.

Similar tactics have been documented by analysts at Huntress and Kaspersky: the victim experiences a supposed failure when joining a call and is then persuaded to download a “patch” or “new client version.” In reality, the victim installs a RAT that gives attackers full control of the developer workstation.

Wider campaign against npm and Node.js maintainers

Socket researchers emphasize that Axios is only one target. Several well-known maintainers in the Node.js ecosystem independently reported highly similar attack attempts: contact via LinkedIn or Slack, invitation to a pre-built workspace, a scheduled video meeting, and then a fake error message leading to a malicious “fix.”

Confirmed targets include: ECMAScript polyfills maintainer Jordan Harband, Lodash creator John-David Dalton, Fastify and Undici maintainer Matteo Collina, dotenv author Scott Motte, and Mocha maintainer Pelle Wessman. Engineers at Socket themselves were also approached.

Wessman’s case is illustrative: he was “invited” to record a podcast through a spoofed version of the Streamyard platform. When he refused to run the provided application, the attackers tried to convince him to execute a curl command directly in his terminal. After he declined again, the entire conversation history was quickly deleted, suggesting a well-rehearsed attack playbook.

Node.js core and Express contributor Jean Burellier reported a similar attempt: a contact claiming to represent “Openfort” invited him into two Slack workspaces and to a fake Teams call, where he was asked to “update the Teams SDK.”

Why endpoint compromise bypasses 2FA and OIDC protections

Socket CEO Feross Aboukhadijeh stresses that once a RAT is installed on a developer endpoint, measures like two-factor authentication (2FA) and OIDC-based npm publishing lose much of their effectiveness. With full workstation access, attackers can read .npmrc files, hijack active browser sessions, extract credentials from local keychains, and abuse existing tokens or cookies to publish malicious npm package versions.

In response, Saayman performed a full security reset: factory-resetting devices, rotating credentials, enabling immutable releases for packages, migrating to OIDC for publishing, and hardening GitHub Actions configurations in line with modern DevSecOps practices.

Practical recommendations to protect developers and the software supply chain

This campaign underscores a broader shift: developers and open-source maintainers have become primary targets in software supply chain attacks. Even strict repository and registry access controls are ineffective if the developer workstation itself is compromised.

1. Enforce strict communication hygiene. Developers should not execute arbitrary binaries or scripts received via LinkedIn, Slack, or during video calls. Unsolicited prompts to “update Zoom/Teams/SDK” are a strong indicator of social engineering.

2. Separate high-risk and publishing environments. Where possible, use dedicated machines or isolated virtual environments for npm publishing and work on critical repositories. This limits the impact if a primary workstation is compromised.

3. Strengthen monitoring and incident response. Log and monitor CI/CD activity, track changes to releases, and use dependency analysis and npm monitoring tools to quickly detect anomalous versions or suspicious code introduced into popular packages.

4. Train developers on modern social engineering tactics. Regular awareness training, including concrete case studies such as the Axios npm compromise, greatly improves resilience. Teams should practice verification of counterparties and have clear procedures for handling unexpected software installation requests.

The Axios incident and the broader campaign against Node.js maintainers show that the resilience of today’s software ecosystem depends directly on the protection of its developers. The more critical your libraries and tools are, the more likely you are to be singled out by advanced threat actors. Now is the time to reassess security processes, harden developer endpoints, and establish strict operational discipline—before the next “fake video call” becomes the entry point for a large-scale supply chain compromise.
