Malicious versions of axios npm package affecting @apollo/rover

As reported by StepSecurity, malicious versions of the axios npm package (1.14.1 and 0.30.4) were briefly available on npm, for three hours and 26 minutes between March 30, 2026 and March 31, 2026. Apollo has investigated its exposure, issued a patch, and confirmed no impact to Apollo’s production systems or customer data. If you installed @apollo/rover via npm during the affected window (between 2026-03-31 01:04 UTC and 2026-03-31 03:25 UTC), a malicious version of axios may have been installed, and you should review your environment for artifacts of the package or of the RAT using the guidance in the relevant security advisory. Otherwise, no action is required.

Impact

The @apollo/rover npm package includes axios as a runtime dependency, used to download the Rover binary. The affected axios version was briefly introduced into Rover via an automated dependency update (PR #3121) at 01:04 UTC on 2026-03-31, and was removed from npm’s package repository at approximately 03:25 UTC.

Users who installed @apollo/rover via npm may have installed a malicious version of axios, depending on the installation method used. You are not affected if you installed Rover:

  • Via the recommended curl/PowerShell script: this downloads a pre-built Rust binary directly from GitHub Releases and does not go through npm.

  • Via Homebrew (brew install rover): this does not go through npm.

  • Via npm with a pinned, unaffected version (npm install within a project that lists @apollo/rover as a devDependency and has a committed package-lock.json): the lockfile pins the resolved axios version and prevents resolution to 1.14.1.

  • Via any installation that did not run between 2026-03-31 01:04 UTC and 2026-03-31 03:25 UTC and did not use a package cached during that window.

Your environment may be affected if you used any of the following installation methods during the affected window (01:04 UTC to 03:25 UTC):

  • Via npx @apollo/rover or npx -p @apollo/rover rover: npx performs a fresh dependency resolution and does not use a local package-lock.json.

  • Via npm install @apollo/rover, if executed without a fixed dependency on an unaffected axios version.

  • Via npm install -g @apollo/rover: global installs do not use a project-level lockfile.

  • Via any CI/CD pipeline that ran one of the above commands during the affected window without a pre-existing cached install; such pipelines should also be reviewed.

This list does not cover every possible installation method in every environment, so we recommend investigating any other method that may have installed axios 1.14.1 or 0.30.4 (including unsupervised installation by AI agents during the affected window).
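The checks below are an added example, not part of the Apollo advisory or the Rover project. They scan an installation tree for the indicators named above (axios 1.14.1 or 0.30.4, and the injected plain-crypto-js 4.2.1) by reading every installed package.json, and check a package-lock.json for a resolved tarball of an affected version, which matters because a lockfile that resolves one would reinstall it on the next npm ci or npm install. The script assumes POSIX sh with find, sed, grep and mktemp; the function names are ours.

```shell
#!/bin/sh
# Added example, not part of the Apollo advisory or the Rover project:
# scan an installation tree and an npm lockfile for the indicators the
# advisory names (axios 1.14.1 / 0.30.4 and plain-crypto-js 4.2.1).
# Assumes POSIX sh with find, sed, grep and mktemp available.

# Affected axios versions and the injected dependency, as named in the advisory.
AFFECTED_AXIOS="1.14.1 0.30.4"
BAD_DEP_NAME="plain-crypto-js"
BAD_DEP_VERSION="4.2.1"

# pkg_field FILE KEY: print the string value of the first "KEY": "..." line in
# a package.json (top-level name/version normally come first, so this suffices).
pkg_field() {
  sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# scan_tree DIR: report every installed axios at an affected version and any
# copy of plain-crypto-js under DIR. Returns 0 when nothing is found, 1 otherwise.
scan_tree() {
  hits=0
  list=$(mktemp)
  # every package.json that lives somewhere inside a node_modules directory
  find "$1" -path '*/node_modules/*' -name package.json -print > "$list" 2>/dev/null
  while IFS= read -r pj; do
    name=$(pkg_field "$pj" name)
    version=$(pkg_field "$pj" version)
    case "$name" in
      axios)
        for v in $AFFECTED_AXIOS; do
          if [ "$version" = "$v" ]; then
            echo "AFFECTED axios@$version at $pj"
            hits=$((hits + 1))
          fi
        done
        ;;
      "$BAD_DEP_NAME")
        # any copy is suspicious; the known-bad version is called out explicitly
        if [ "$version" = "$BAD_DEP_VERSION" ]; then
          echo "MALICIOUS $name@$version at $pj"
        else
          echo "SUSPICIOUS $name@$version at $pj"
        fi
        hits=$((hits + 1))
        ;;
    esac
  done < "$list"
  rm -f "$list"
  [ "$hits" -eq 0 ]
}

# scan_lockfile FILE: check a package-lock.json (or npm-shrinkwrap.json) for a
# "resolved" tarball URL of an affected package. Returns 0 if clean, 1 otherwise.
scan_lockfile() {
  hits=0
  for tarball in axios-1.14.1.tgz axios-0.30.4.tgz "$BAD_DEP_NAME-$BAD_DEP_VERSION.tgz"; do
    if grep -q "/$tarball\"" "$1" 2>/dev/null; then
      echo "AFFECTED lockfile $1 resolves $tarball"
      hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# Typical use after sourcing this file, from a project checkout or the global
# npm prefix (npm root -g):
#   scan_tree . ; scan_lockfile package-lock.json
```

Run scan_tree against each project checkout and against the global npm prefix (npm root -g) that was in use during the window; a hit means the affected package was on disk at some point, so the host should be handled under the Recommended Actions below rather than cleaned in place. A clean tree is not proof of non-exposure if node_modules was removed or rebuilt after the window, which is why the npm cache and CI caches also need review.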

Patches

Between 2026-03-30 23:59 UTC and 2026-03-31 03:25 UTC, a threat actor injected a malicious dependency, plain-crypto-js@4.2.1, into axios versions 1.14.1 and 0.30.4. This malicious package contained a post-installation script that downloaded and executed a cross-platform remote access trojan (RAT) on Linux, macOS, and Windows.

The malicious axios version was introduced into Rover at 01:04 UTC on 2026-03-31; the package was removed from npm’s package repository at approximately 03:25 UTC. A revert pinning Rover’s axios dependency back to 1.14.0 was merged on March 31, 2026.

Recommended Actions

If you determine that the malicious versions were installed in your environment:

  1. Treat affected systems as fully compromised; reimage or restore from a known-clean backup rather than attempting in-place remediation.

  2. Rotate all credentials accessible from the affected machine, including API keys, APOLLO_KEY values, SSH keys, cloud credentials, and npm tokens.

  3. Review your environment for unauthorized activity during and after the exposure window.

  4. Block the C2 domain sfrclak[.]com and IP 142.11.206.73 at your network perimeter.

A full list of IOCs is available in DataDog’s SecurityLabs article about the compromise, which also links to the indicators in CSV form.

References

StepSecurity post

DataDog SecurityLabs threat research article

Rover GitHub Security Advisory