A compromised maintainer account for the widely used axios npm package published backdoored versions that deliver a cross-platform Remote Access Trojan (RAT). The malicious payload, triggered via a postinstall hook in a decoy dependency, deploys identical C2 frameworks across Windows, macOS, and Linux systems while employing anti-forensic techniques to hide its tracks.