Author: Alexander Ivanyuk — Senior Director, Technology
Incident of the month In March 2026, the open-source JavaScript library Axios was compromised in a software supply-chain attack after threat actors hijacked a maintainer npm account and published malicious versions 1.14.1 and 0.30.4 on March 31, 2026. The incident stood out because Axios is one of the most widely used HTTP client libraries in the JavaScript ecosystem, with more than 100 million weekly downloads, giving the compromise a potentially global blast radius across developer, cloud and enterprise environments.
The malicious Axios releases silently pulled a hidden dependency, plain-crypto-js@4.2.1, which delivered a cross-platform remote access trojan affecting Windows, Linux, and macOS systems. The malware enabled remote code execution and credential theft, while follow-on reporting said Google researchers linked the activity to UNC1069, a North Korea-linked threat actor, and noted that the malicious versions were removed after roughly three hours.
March malware threat detections
In March 2026, the percentage increased sharply to 6.4%, representing a month-over-month rise of 2.2 percentage points compared to 4.2% in February 2026. This is the highest level recorded in the period shown and marks a clear reversal of the relatively stable trend observed in late 2025 and early 2026.
Compared to June 2025, when the share stood at 6.1%, March 2026 was 0.3 percentage points higher, indicating that malware exposure has now returned to — and slightly exceeded — mid-2025 levels.
In March, the top three countries with the highest malware detection rates changed completely compared to February. Vietnam recorded the highest rate globally, with 33.5% of affected unique clients experiencing at least one malware detection, followed by Georgia at 24.1% and Kazakhstan at 20.3%.
This marks a notable shift from February, when Palestine remained the most affected country at 52.5%, followed by Sri Lanka (19.7%) and Bangladesh (13.7%). While Palestine had an exceptionally high lead in February, March showed a more balanced distribution across the top three countries, although malware exposure in Vietnam still remained significantly elevated.
Across the focus countries, March 2026 shows a more mixed pattern than February, with several markets remaining broadly stable while a smaller group posts clear upward moves. India stays at the top at 10.4% (up slightly from 10% in February), while Brazil rises sharply from 8.8% to 10.8%, becoming the highest country in the table for March. Singapore also records a notable increase, climbing from 7.4% to 9.6%, which reverses the decline seen a month earlier and places it among the highest-rate countries in the current period.
By contrast, several countries that were previously among the higher-exposure markets in February either declined or remained nearly flat in March. Colombia fell from 9.7% to 8.8%, Italy eased from 9.6% to 9.2%, Canada edged down from 9.3% to 9.2%, and the United States declined from 9% to 8.8%. The Netherlands, South Korea, France, New Zealand, Australia, and Japan also moved lower, while Germany was essentially stable (8.7% → 8.8%) and the United Kingdom remained unchanged at 5.3%.
Compared to the February narrative, where the main theme was broad stabilization with isolated increases in markets such as Italy, Colombia, New Zealand and India, the March picture suggests that risk has shifted again. The strongest pressure is now concentrated in Brazil and Singapore, while some of the previous higher-rate countries have moderated. Overall, the data points less to a uniform directional trend and more to continued geographic redistribution of URL-based threat activity, which may reflect changing campaign targeting, regional detection dynamics, or differences in exposure across local user bases.
Protection
The threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behaviour-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Additional email security and URL filtering can help you protect against social engineering threats. And, your Acronis #CyberFit score helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.
Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.