North Korean threat actor UNC1069 trojanized Axios npm package versions 1.14.1 and 0.30.4 via ClickFix-style social engineering against a maintainer, publishing malicious packages containing the ‘plain-crypto-js’ dropper for a cross-platform RAT targeting macOS, Windows, and Linux. No CVE has been assigned; this is a supply chain campaign, not a library vulnerability. Organizations should immediately audit all lock files for the affected versions, quarantine any artifacts that resolved them during the exposure window, and implement npm provenance attestation and phishing-resistant MFA for publish credentials.
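
One way to carry out the lock-file audit described above, as an added example that is not part of the original advisory: it scans a parsed `package-lock.json` (lockfileVersion 1, 2 or 3) for the two Axios versions and the `plain-crypto-js` package named above. The sample lock file, the `some-sdk` and `demo-app` names, and all other version numbers are constructed for illustration.

```javascript
// Added example. Affected versions and dropper name come from the advisory text.
const BAD_VERSIONS = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]);
const BAD_NAMES = new Set(["plain-crypto-js"]); // flagged at any version

function check(name, version, where, out) {
  if (BAD_NAMES.has(name) || BAD_VERSIONS.get(name)?.has(version)) {
    out.push({ name, version, where });
  }
}

// lockfileVersion 2/3 keys look like "node_modules/a/node_modules/axios".
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// lockfileVersion 1 nests transitive dependencies under "dependencies".
function walkV1(deps, trail, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    check(name, entry.version, [...trail, name].join(" > "), out);
    walkV1(entry.dependencies, [...trail, name], out);
  }
}

function auditLockfile(lock) {
  const out = [];
  if (lock.packages) {
    for (const [key, entry] of Object.entries(lock.packages)) {
      if (key === "") continue; // the root project itself
      // Aliased installs record the real package name in entry.name.
      check(entry.name || nameFromPath(key), entry.version, key, out);
    }
  } else {
    walkV1(lock.dependencies, [], out);
  }
  return out;
}

// Constructed sample: a clean top-level axios, an affected transitive copy,
// and the dropper package itself.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "1.13.0" },
  "node_modules/some-sdk/node_modules/axios": { version: "0.30.4" },
  "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
} };

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.name}@${f.version} at ${f.where}`);
```

To audit a real project, pass the result of `JSON.parse` on its `package-lock.json` contents to `auditLockfile`; a non-empty result means the lock file pins an affected package, including transitive copies that a top-level version check would miss.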