BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Axios NPM Attack Attributed to North Korean Hackers

North Korean hackers weaponize Axios npm with backdoor targeting cryptocurrency systems worldwide

  • The compromised Axios npm package, a core tool for millions of developers, delivered a cross-platform backdoor to Windows, macOS, and Linux systems.
  • Google Threat Intelligence Group has formally attributed the supply chain attack to the financially motivated North Korean threat actor UNC1069.
  • The malicious code used a stealthy post-install hook to deliver the WAVESHAPER.V2 backdoor, an evolution of prior malware used to target the cryptocurrency sector.
  • Users are urged to audit dependencies, check for the “plain-crypto-js” package, and isolate affected systems immediately.

In a significant escalation of software supply chain threats, the popular Axios npm package was weaponized by North Korean hackers in early April 2026. Google Threat Intelligence Group has formally attributed this attack to a group it tracks as UNC1069, which has deep experience targeting cryptocurrency.

- Advertisement -

Threat actors seized a maintainer’s account to push trojanized versions containing a malicious dependency. This rogue package leveraged a postinstall script to achieve stealthy, automatic execution upon installation.

Consequently, it delivered a dropper that fetched a next-stage backdoor tailored to the victim’s operating system. The final payload, WAVESHAPER.V2, is an updated version of a backdoor previously used by the same actor.

This backdoor supports commands to run scripts, enumerate files, and execute arbitrary binaries. It beacons to a command-and-control server every 60 seconds, establishing persistent access.

Security researchers advise mitigation by auditing dependency trees and checking for “plain-crypto-js.” Furthermore, they recommend isolating compromised systems and rotating all exposed credentials immediately.

- Advertisement -

Meanwhile, experts warn this attack serves as a template for future operations. “The level of operational sophistication… reflects a threat actor that planned this as a scalable operation,” said ReversingLabs Chief Software Architect Tomislav Peričin.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

How Cryptocurrency Works For Beginners?

Welcome to the world of cryptocurrency! If you're new to this exciting and rapidly evolving landscape, you might feel like Alice in Wonderland, exploring...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading