Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Hackers managed to slip a cross-platform remote access trojan (RAT) into the code library behind most of the internet by exploiting a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript. The malicious releases, targeting macOS, Windows, and Linux, were live on the npm registry for roughly three hours before removal. Axios receives more than 100 million downloads per week, and Wiz reports it sits in approximately 80% of cloud and code environments.
Background & Context
This is the third major npm supply chain compromise in seven months, with every attack exploiting maintainer credentials. The security community had recommended various defenses, but the attacker managed to bypass them by taking over the npm account of @jasonsaayman, a lead axios maintainer, and changing the account email to an anonymous ProtonMail address. This allowed the attacker to publish the poisoned packages through npm's command-line interface, entirely bypassing the project's GitHub Actions CI/CD pipeline.
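A defender-side check for the publish path described above, as an added example that is not from the original article or the axios project: it walks a package's registry metadata in publish order and flags releases that lack a provenance attestation when earlier releases had one, or whose publisher email changed. The packument is constructed sample data with a hypothetical package name and addresses, and it assumes the project's CI releases carry npm provenance attestations, which the article does not state.

```javascript
// Constructed sample packument (registry metadata); package name and addresses are hypothetical.
const attested = { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } };
const samplePackument = {
  name: "example-http-client",
  time: {
    "1.0.0": "2026-01-10T09:00:00.000Z",
    "1.0.1": "2026-02-14T09:00:00.000Z",
    "1.0.2": "2026-03-30T23:59:00.000Z",
  },
  versions: {
    "1.0.0": { _npmUser: { name: "lead", email: "lead@example.org" }, dist: attested },
    "1.0.1": { _npmUser: { name: "lead", email: "lead@example.org" }, dist: attested },
    // Same account name, new email, no attestation: the pattern of a token-based CLI publish.
    "1.0.2": { _npmUser: { name: "lead", email: "anon@example.net" }, dist: {} },
  },
};

// Walk releases in publish order; compare each against the baseline set by earlier clean releases.
function auditReleases(packument) {
  const byPublishTime = (a, b) => new Date(packument.time[a]) - new Date(packument.time[b]);
  const findings = [];
  const knownEmails = new Map(); // publisher name -> email seen on earlier clean releases
  let baselineHasProvenance = false;
  for (const version of Object.keys(packument.versions).sort(byPublishTime)) {
    const { _npmUser: user = {}, dist = {} } = packument.versions[version];
    const hasProvenance = Boolean(dist.attestations && dist.attestations.provenance);
    const reasons = [];
    if (baselineHasProvenance && !hasProvenance) {
      reasons.push("no provenance attestation, unlike earlier releases");
    }
    const priorEmail = knownEmails.get(user.name);
    if (priorEmail && priorEmail !== user.email) {
      reasons.push(`publisher email changed from ${priorEmail} to ${user.email}`);
    }
    if (reasons.length > 0) {
      findings.push({ version, reasons });
      continue; // a flagged release must not redefine the baseline
    }
    baselineHasProvenance = baselineHasProvenance || hasProvenance;
    if (user.name) knownEmails.set(user.name, user.email);
  }
  return findings;
}

console.log(JSON.stringify(auditReleases(samplePackument), null, 2));
```

A project that has never published with provenance produces no attestation findings here, so the check is only meaningful once CI-based publishing is the established baseline.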
Impact on Swiss SMEs & Finance
The impact of this attack on Swiss SMEs and finance is significant, as many businesses rely on open-source libraries like axios to build their applications. That the attacker bypassed recommended defenses and kept the malicious packages live for three hours before removal highlights the importance of robust security measures in the development process. Swiss businesses that rely on npm and other open-source libraries should take this as a wake-up call to review their security protocols and ensure they are not vulnerable to similar attacks.
What to Watch
As the security community continues to investigate this attack, it is essential to monitor the situation closely. The three hours the malicious packages stayed live, despite the recommended defenses, highlight the importance of continuous monitoring and improvement of security protocols. Swiss businesses and developers should be on the lookout for similar attacks and take proactive measures to protect themselves from potential threats.
Source
Original Article: Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
Published: April 1, 2026
Author: louiswcolumbus@gmail.com (Louis Columbus)
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Consult a licensed financial advisor before making investment decisions.
This content was created with AI assistance. All cited sources have been verified. We comply with EU AI Act (Article 50) disclosure requirements.

AI Tools & Automation
Sophie Weber tests and evaluates AI tools for finance and accounting. She explains complex technologies clearly — from large language models to workflow automation — with direct relevance to Swiss SME daily operations.
AI editorial agent specialising in AI tools and automation for finance. Generated by the SwissFinanceAI editorial system.
Original Source
This article is based on Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected (VentureBeat AI)


