With over 83 million weekly downloads, Axios is the undisputed king of HTTP clients in the JavaScript ecosystem. It powers everything from frontend React apps to enterprise Node.js backends. But on March 30, 2026, it became the delivery mechanism for one of the most sophisticated supply chain attacks of the year.
Security researchers have discovered that two unauthorized versions of Axios—1.14.1 and 0.30.4—were published to the npm registry. These versions didn’t alter a single line of Axios’s core code. Instead, they stealthily injected a malicious dependency called plain-crypto-js, which deploys a cross-platform Remote Access Trojan (RAT) designed to self-destruct after execution.
Here is a technical breakdown of how the attackers bypassed CI/CD pipelines, how the malware evades detection, and what you must do immediately to secure your environment.
What to Remember
- Compromised Versions: Axios versions 1.14.1 and 0.30.4 were injected with malicious code.
- The Payload: A hidden dependency, `plain-crypto-js`, deploys a cross-platform Remote Access Trojan (RAT).
- Execution Trigger: The malware executes immediately upon installation via the npm `postinstall` hook.
- Anti-Forensics: The dropper cleans up after itself, hiding the malicious modifications to evade detection.
- Action Required: Audit lockfiles immediately, downgrade to safe versions, and hunt for Indicators of Compromise (IOCs).
The Anatomy of the Attack
This was not a spray-and-pray operation. “This was not opportunistic,” explained Ashish Kurmi of StepSecurity. “The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems… Every trace was designed to self-destruct.”
1. The Compromise:
The attackers successfully hijacked the npm account of the primary Axios maintainer, “jasonsaayman.” They changed the account email to a Proton Mail address ([email protected]) and likely used a long-lived classic npm access token to publish the packages directly, entirely bypassing the project’s secure GitHub Actions release pipeline.
2. The Staged Dependency (plain-crypto-js):
To avoid modifying the heavily scrutinized Axios source code, the attackers published a fake, typosquatted dependency.
- March 30, 05:57 UTC: A “clean” version (`4.2.0`) is published to establish a baseline.
- March 30, 23:59 UTC: The malicious payload (`4.2.1`) is published.
- March 31, 00:21 UTC: The compromised Axios `1.14.1` is published, listing `plain-crypto-js@4.2.1` as a dependency.
3. The postinstall Trigger:
When a developer or CI server runs `npm install axios`, npm resolves `plain-crypto-js` as a transitive dependency and installs it alongside Axios. Because npm runs the lifecycle scripts of every installed package by default, the package's `postinstall` hook fires during that install and executes an obfuscated Node.js dropper (`setup.js`). Nobody has to import or call Axios for the payload to run; installation alone is enough.
A Cross-Platform Nightmare
The dropper uses a custom two-layer encoding scheme (Reversed Base64 + XOR Cipher) to hide its payload from static scanners. Once executed, it fingerprints the OS and branches into three distinct attack paths:
- macOS: It uses AppleScript to download a C++ RAT from `sfrclak[.]com:8000`. The binary is saved as `/Library/Caches/com.apple.act.mond` (mimicking an Apple daemon), made executable, and launched silently via `/bin/zsh`. The RAT beacons to the C2 every 60 seconds, allowing attackers to deploy further payloads or steal data.
- Windows: The malware locates `powershell.exe` and copies it to `%PROGRAMDATA%\wt.exe` so that it runs under the name of Windows Terminal; detections keyed on the `powershell.exe` process name do not fire against the renamed copy, a common EDR evasion technique. It then uses a hidden VBScript to fetch and execute a malicious `.ps1` payload.
- Linux: It uses `curl` to download a Python script to `/tmp/ld.py` and runs it detached using `nohup`.
Interestingly, the malware sends an OS-specific POST body (`packages.npm.org/product0`, `1`, or `2`) to the C2 server. This lets the C2 route the correct payload while making the traffic look, to a casual observer, like npm registry requests. The resemblance is only cosmetic: the real registry host is `registry.npmjs.org`, so a request carrying this string to any other host is itself an anomaly worth alerting on.
The Anti-Forensics Clean-Up
What makes this attack exceptionally dangerous is its ability to cover its tracks. Immediately after launching the payload, the `setup.js` script performs forensic cleanup:
- It deletes itself.
- It deletes the `package.json` file that contained the malicious `postinstall` hook.
- It renames a hidden, clean `package.md` file to `package.json`.
If a security engineer inspects the `node_modules/plain-crypto-js` directory after the infection, they will find what appears to be a perfectly normal, benign package. Detection therefore has to rely on what the cleanup does not touch: the lockfile, which still records the `plain-crypto-js` dependency, and the host and network artifacts left by the running payload.
The Cascade Effect
The speed of the JavaScript ecosystem means a compromised foundational package spreads instantly. Security firm Socket identified that the open-source AI gateway project OpenClaw (@shadanai/openclaw) and a related bot package (@qqbrowser/openclaw-qbot) were compromised simply because their automated build pipelines picked up the malicious Axios update within hours of its release.
Immediate Remediation Steps
If your project relies on Axios, you must assume compromise until proven otherwise.
- Audit Your Lockfiles: Check `package-lock.json` or `yarn.lock` immediately, including entries pulled in transitively by other packages. Look for:
  - `axios` versions 1.14.1 or 0.30.4.
  - `plain-crypto-js` version 4.2.1.
- Downgrade: If found, downgrade immediately to the safe versions, `axios@1.14.0` or `axios@0.30.3`, and reinstall so the `plain-crypto-js` entry drops out of the lockfile.
- Hunt for IOCs (Indicators of Compromise):
  - Check for the presence of the files: `/Library/Caches/com.apple.act.mond` (macOS), `%PROGRAMDATA%\wt.exe` (Windows), or `/tmp/ld.py` (Linux).
  - Check network logs: Look for outbound connections to `sfrclak[.]com` or the IP `142.11.206.73`.
- Assume Breach: If any artifacts are found, you must assume the host is compromised. Rotate all credentials, SSH keys, and cloud tokens present on that machine or CI/CD runner.
Conclusion: The End of Implicit Trust
The Axios compromise is a stark reminder that even the most trusted, widely used packages are vulnerable if maintainer credentials are stolen. The attack highlights the severe risk of npm’s postinstall scripts, which provide attackers with immediate code execution upon installation.
As the community scrambles to clean up the fallout, the lesson for organizations is clear: pinning dependencies, disabling install scripts by default (`ignore-scripts`) and allowlisting the few packages that need them, utilizing SCA (Software Composition Analysis) tools that monitor behavioral anomalies, and running CI/CD builds in isolated, network-restricted sandboxes are no longer optional. They are mandatory for survival.
To further enhance your cloud security and implement Zero Trust, contact me on LinkedIn Profile or [email protected]
Frequently Asked Questions (FAQ)
Which versions of Axios are compromised?
Versions 1.14.1 and 0.30.4 were compromised. They deploy a stealthy Remote Access Trojan (RAT) via a fake dependency named `plain-crypto-js`.
How does the Axios malware execute?
The malware leverages an npm `postinstall` script within the hidden dependency. This allows the dropper to execute automatically the moment a developer or CI server runs `npm install`.
What platforms are affected by this RAT?
The dropper is highly sophisticated and cross-platform. It fingerprints the OS and branches into distinct attack paths to compromise macOS, Windows, and Linux environments.
How does the malware hide its tracks?
It performs rigorous anti-forensics cleanup. The `setup.js` script deletes itself, removes the malicious `package.json`, and swaps in a clean file to evade post-incident inspections.
What should I do if I installed a compromised version?
You must assume your host is breached. Downgrade to safe versions (1.14.0 or 0.30.3), hunt for specific IOCs, and immediately rotate all credentials, SSH keys, and cloud tokens on that machine.