
WAVESHAPER.V2
Cross-platform backdoor planted by North Korea's UNC1069 in the Axios npm package in March 2026.
Last refreshed: 8 May 2026 · Appears in 1 active topic
How many organisations deployed WAVESHAPER.V2 before the Axios compromise was disclosed?
Timeline for WAVESHAPER.V2
Shipped inside @shadanai/openclaw and @qqbrowser/openclaw-qbot during automated dependency resolution on 31 March 2026
Cybersecurity: Threats and Defences: UNC1069 expands the npm WAVESHAPER supply chainPlanted in Axios v1.14.1 and v0.30.4 as malicious dependency plain-crypto-js
Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishingAm I affected by the Axios npm backdoor WAVESHAPER.V2?
How did North Korea get into the Axios npm package?
What does WAVESHAPER.V2 do once installed?
Background
WAVESHAPER.V2 is a cross-platform backdoor for Windows, macOS, and Linux, deployed by the North Korea-nexus threat actor UNC1069 via a supply-chain attack on the widely-used Axios JavaScript HTTP library. On 31 March 2026, between 00:21 and 03:20 UTC, UNC1069 introduced the malicious dependency `plain-crypto-js` into Axios versions v1.14.1 and v0.30.4 after compromising a package maintainer through a targeted phishing campaign. Axios v1.14.1 and v0.30.4 see roughly 100 million and 83 million weekly downloads respectively.
WAVESHAPER.V2 is the second-generation iteration of a backdoor family attributed to UNC1069, indicating a sustained development programme. The implant is designed to provide persistent remote access, exfiltrate credentials, and enable follow-on operations. Its cross-platform design maximises coverage across the diverse CI/CD and developer environments that consume npm packages.
The attack exploits trust in open-source supply chains: organisations that automatically update npm dependencies or run Axios-consuming builds during the 2-hour 59-minute injection window may have deployed the backdoor without any direct attacker interaction. Google Threat Intelligence Group and Mandiant disclosed the compromise publicly on 5 May 2026, leaving a 35-day gap between injection and public disclosure.