Malware in the axios package on npm - how to secure your applications?
At In Cloud We Trust, we continuously monitor the cyber threat landscape to provide you with the latest information and best practices in cloud and code security. In recent hours, one of the most serious supply chain attack incidents in the history of the Node.js ecosystem has occurred.
Our business partner and code security software provider, Aikido, was the first to report the critical incident: the account of the main maintainer of the popular axios library was compromised, and the hackers published versions containing RAT (Remote Access Trojan) malware.
Considering that axios records over 100 million downloads per week (up to 300 million according to StepSecurity), the potential impact is enormous. Below, we present the details of the attack, methods for verifying infection, and remediation steps.
Key information about the incident
- Account takeover and malicious versions: The npm account of the main maintainer was hacked. Two infected versions were published: axios@1.14.1 and axios@0.30.4. They have already been removed from the npm registry; however, if you downloaded them before the intervention, you should assume that your system has been compromised.
- Cross-platform RAT: The malicious versions inject a hidden dependency that installs a trojan providing remote access (RAT) to the attackers. It operates on macOS, Windows, and Linux.
- Covering tracks: After completing its task, the malware self-destructs - the dropper deletes the malicious setup.js, replaces package.json with a clean copy from version 4.2.0, and covers its tracks. A simple inspection of the node_modules folder after the fact will not reveal its presence.
- Additional infected packages: In addition to axios, the same malware is spreading through the packages @shadanai/openclaw and @qqbrowser/openclaw-qbot, which deliver a malicious payload via the same C2 path.
What exactly happened?
Attack timeline (UTC):
- March 30, 05:57 - The account nrwise (email: nrwise@proton.me), controlled by the attackers, publishes plain-crypto-js@4.2.0 - a clean copy of crypto-js. Purpose: to "age" the package to avoid alerts from scanners that detect new packages.
- March 30, 23:59 - 18 hours later, nrwise publishes plain-crypto-js@4.2.1 with a malicious postinstall script in the setup.js file (4,209 bytes, two-layer obfuscation: reversed Base64 + XOR cipher with the key OrDeR_7077).
- March 31, 00:21 - The compromised account jasonsaayman (email changed to ifstap@proton.me) publishes axios@1.14.1 with the added dependency plain-crypto-js@^4.2.1. The publication was done manually (using a stolen npm token), bypassing CI/CD.
- March 31, ~01:00 - Publication of axios@0.30.4 with an identical malicious dependency.
- March 31, ~03:15 - npm removes both axios versions. GitHub issue #10604 is opened. A request is made to invalidate all maintainer tokens.
How the malware works
The malicious postinstall script in plain-crypto-js downloads a payload from the C2 server (sfrclak[.]com, IP: 142.11.206.73, port 8000) and installs malicious code appropriate for the operating system:
- macOS: Fake Apple cache daemon (com.apple.act.mond in /Library/Caches/).
- Windows: PowerShell script launched via hidden VBScript. Artifacts: wt.exe in %PROGRAMDATA%, files 6202033.vbs and 6202033.ps1 in %TEMP%.
- Linux: Python script (/tmp/ld.py).
The RAT communicates with the C2 every 60 seconds and supports the following commands: peinject (launch binary), runscript (execute script), rundir (directory enumeration) and kill (terminate process).
Indicators of Compromise (IOC)
The data below enables SOC teams to quickly identify the threat.
SHA hashes of malicious packages
# axios@1.14.1
SHA1: 2553649f2322049666871cea80a5d0d6adc700ca
SHA256: 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd
# axios@0.30.4
SHA1: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71
SHA256: 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f
# plain-crypto-js@4.2.1 (dropper)
SHA1: 07d889e2dadce6f3910dcbc253317d28ca61c766
# Linux RAT payload (ld.py)
SHA256: fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf
C2 infrastructure
- Domain: sfrclak[.]com
- IP: 142.11.206.73, port 8000
- Endpoint: http://sfrclak[.]com:8000/6202033 (HTTP POST)
- RAT User-Agent: mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0)
Attackers' npm accounts
- jasonsaayman (compromised maintainer account, email changed to ifstap@proton.me)
- nrwise (single-use account, email nrwise@proton.me - author of the dropper plain-crypto-js)
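As an added SOC-side example (not part of the original advisory), the script below matches egress log lines against the C2 indicators above and flags any source that contacts them at the RAT's 60-second check-in cadence. The log line format and the sample lines are constructed for this example; the indicator values are the ones listed in this section.

```javascript
// Added example (not from the advisory): match egress/proxy log lines against the C2
// indicators listed above and flag clients that hit them on the RAT's ~60 s cadence.
// Constructed log format: <ISO timestamp> <src ip> <dst host|ip>:<port> <method> <path> "<ua>"
const C2 = {
  host: "sfrclak[.]com", ip: "142.11.206.73", port: "8000", path: "/6202033",
  userAgent: "mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0)",
};
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) ([^:\s]+):(\d+) (\S+) (\S+) "([^"]*)"$/);
  if (!m) return null;
  return { ts: Date.parse(m[1]), src: m[2], dst: m[3], port: m[4], method: m[5], path: m[6], ua: m[7] };
}
// Indicators a single request matches (empty array = nothing suspicious). The domain
// is kept defanged in C2 and re-fanged only for the comparison.
function matchIndicators(r) {
  const hits = [];
  if (r.dst === C2.host.replace("[.]", ".") || r.dst === C2.ip) hits.push("c2-host");
  if (r.port === C2.port && r.path === C2.path && r.method === "POST") hits.push("c2-endpoint");
  if (r.ua.toLowerCase() === C2.userAgent) hits.push("rat-user-agent");
  return hits;
}
// Per source IP: which indicators were hit and whether the hits recur every
// beaconSeconds (+/- tolerance), i.e. the 60-second check-in from the advisory.
function analyse(lines, beaconSeconds = 60, tolerance = 5) {
  const bySrc = new Map();
  for (const r of lines.map(parseLine).filter(Boolean)) {
    const hits = matchIndicators(r);
    if (hits.length === 0) continue;
    const entry = bySrc.get(r.src) || { indicators: new Set(), timestamps: [] };
    bySrc.set(r.src, entry);
    hits.forEach((h) => entry.indicators.add(h));
    entry.timestamps.push(r.ts);
  }
  const report = {};
  for (const [src, entry] of bySrc) {
    const ts = entry.timestamps.sort((a, b) => a - b);
    const gaps = ts.slice(1).map((t, i) => (t - ts[i]) / 1000);
    const beaconing = gaps.length >= 2 && gaps.every((g) => Math.abs(g - beaconSeconds) <= tolerance);
    report[src] = { indicators: [...entry.indicators].sort(), beaconing };
  }
  return report;
}
// Constructed sample: one host checking in three times, one host doing a normal fetch.
const SAMPLE_LOG = [
  '2026-03-31T02:00:00Z 10.0.0.5 142.11.206.73:8000 POST /6202033 "mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0)"',
  '2026-03-31T02:01:00Z 10.0.0.5 142.11.206.73:8000 POST /6202033 "mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0)"',
  '2026-03-31T02:02:01Z 10.0.0.5 142.11.206.73:8000 POST /6202033 "mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0)"',
  '2026-03-31T02:00:30Z 10.0.0.9 registry.npmjs.org:443 GET /axios "npm/10.0.0 node/v20.0.0"',
];
```

Running analyse(SAMPLE_LOG) reports only 10.0.0.5, with all three indicators and beaconing set to true; a single hit without the cadence still surfaces through the indicators list.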
How to check if you are a victim of the attack?
Because the malicious script deletes itself, you must verify system files and the locked package versions.
Manual verification
1. Check the installed axios versions - scan your packages and lock files:
npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
grep -A1 '"axios"' package-lock.json | grep -E "1\.14\.1|0\.30\.4"
2. Check for traces of the dropper - even after the script is removed, the directory itself may still exist:
ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENCJALNIE ZAINFEKOWANY"
3. Verify SHA hashes - compare them with the IOC section above:
shasum node_modules/axios/package.json 2>/dev/null
4. Look for RAT artifacts on disk (depending on the system):
- macOS: ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "SKOMPROMITOWANY"
- Windows: dir "%PROGRAMDATA%\wt.exe" 2>nul && echo SKOMPROMITOWANY
- Linux: ls -la /tmp/ld.py 2>/dev/null && echo "SKOMPROMITOWANY"
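The grep in step 1 only sees the first "version" line after each "axios" key, so a copy nested under another dependency can slip through. The following added check (not from the advisory and not the axios project's code) does steps 1 and 2 against the lock file itself, walking both the v1 nested layout and the v2/v3 flat layout; the sample lock file is constructed.

```javascript
// Added example (not from the advisory or the axios project): scan a
// package-lock.json for the two malicious axios versions and for any copy of the
// attacker-published dropper package plain-crypto-js, including nested installs.
const MALICIOUS_VERSIONS = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// lockfileVersion 1: nested "dependencies" tree. Yields [name, version, path].
function* walkV1(deps, prefix = "") {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    yield [name, meta.version, path];
    if (meta.dependencies) yield* walkV1(meta.dependencies, `${path}/`);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by install path; "" is the root project.
function* walkV2(packages) {
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path === "") continue;
    // Name is the text after the last "node_modules/" (keeps the @scope/ prefix).
    const name = meta.name || path.slice(path.lastIndexOf("node_modules/") + 13);
    yield [name, meta.version, path];
  }
}

// Any plain-crypto-js is reported: 4.2.0 is clean, but it exists only as the attacker's staging step.
function scanLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const entries = lock.lockfileVersion >= 2 ? walkV2(lock.packages) : walkV1(lock.dependencies);
  const findings = [];
  for (const [name, version, path] of entries) {
    if (MALICIOUS_VERSIONS[name]?.has(version)) {
      findings.push({ name, version, path, reason: "known malicious version" });
    } else if (name === "plain-crypto-js") {
      findings.push({ name, version, path, reason: "attacker-published package present" });
    }
  }
  return findings;
}

// Constructed sample lock file (v3) with the bad axios and the dropper resolved.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app", lockfileVersion: 3, packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/some-clean-dep": { version: "2.0.0" },
  },
});
```

Feed it the contents of package-lock.json (or npm-shrinkwrap.json); an empty result means the lock file resolves no malicious version, which says nothing about what an earlier install already ran, so steps 3 and 4 still apply.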
Remediation steps
If the verification is positive, immediately take the following actions:
- Enforce safe versions:
npm install axios@1.14.0 # for users of version 1.x
npm install axios@0.30.3 # for users of version 0.x
- Override malicious dependencies in package.json:
{
  "dependencies": { "axios": "1.14.0" },
  "overrides": { "axios": "1.14.0" },
  "resolutions": { "axios": "1.14.0" }
}
- Remove leftovers and install without scripts:
rm -rf node_modules/plain-crypto-js
npm install --ignore-scripts
- Golden security rule: If you found RAT files (com.apple.act.mond, wt.exe, ld.py), do not try to clean them. Rebuild the environment from a clean, verified state.
- Credential rotation: Change ALL keys and secrets accessible on the infected machine (npm tokens, AWS/Azure/GCP keys, SSH keys, CI/CD secrets, variables from .env).
How to prevent supply chain attacks?
Supply chain attacks are becoming increasingly sophisticated. Manually verifying every incident after the fact is like putting out fires. At In Cloud We Trust, we believe in the “Shift-Left” approach and proactively implement the DevSecOps methodology.
Aikido Safe Chain - free open-source protection
Aikido Safe Chain is an open-source wrapper for npm/yarn/pnpm that intercepts package installation and verifies packages in real time against the Aikido Intel database. A key feature: the default minimum package “age” requirement of 48 hours. The malicious version plain-crypto-js@4.2.1 was published just 18 hours before being injected into axios - Safe Chain would have blocked its installation automatically, even without prior knowledge of this specific threat.
This means that even Aikido’s free tool would have protected you from this attack. For full protection, however, it is worth considering the implementation of the complete Aikido platform with the support of our engineers.
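To make the age rule concrete, here is an added example (not Aikido's code) that applies a 48-hour minimum-age policy to the "time" map of an npm registry document, which is where a package's per-version publish timestamps live. The registry document is constructed from the timeline above, with the year assumed.

```javascript
// Added example (not Aikido's code): the minimum-package-age rule described above,
// applied to an npm registry document's "time" map (version -> publish time).
// The timestamps are constructed from the advisory's timeline; the year is assumed.
const PLAIN_CRYPTO_JS_DOC = {
  name: "plain-crypto-js",
  "dist-tags": { latest: "4.2.1" },
  time: {
    created: "2026-03-30T05:57:00Z",
    modified: "2026-03-30T23:59:00Z",
    "4.2.0": "2026-03-30T05:57:00Z", // clean copy, published to "age" the package
    "4.2.1": "2026-03-30T23:59:00Z", // version carrying the malicious postinstall
  },
};

// Publish times of real versions only ("created"/"modified" are registry bookkeeping).
function publishTimes(doc) {
  return Object.entries(doc.time)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, publishedAt: Date.parse(iso) }));
}

// Decide whether `version` may be installed at time `now` (ms epoch) under the policy.
// Also returns the newest version that would pass, or null if none is old enough.
function checkMinAge(doc, version, now, minAgeHours = 48) {
  const minAgeMs = minAgeHours * 3600 * 1000;
  const times = publishTimes(doc);
  const target = times.find((t) => t.version === version);
  if (!target) throw new Error(`unknown version ${version}`);
  const oldEnough = times
    .filter((t) => now - t.publishedAt >= minAgeMs)
    .sort((a, b) => b.publishedAt - a.publishedAt);
  return {
    version,
    ageHours: Math.round(((now - target.publishedAt) / 3600000) * 100) / 100,
    allowed: now - target.publishedAt >= minAgeMs,
    fallback: oldEnough.length ? oldEnough[0].version : null,
  };
}
```

At the moment axios@1.14.1 was published (00:21 on March 31 in the timeline), 4.2.1 is 22 minutes old and 4.2.0 is about 18 hours old, so the policy blocks the install with no fallback at all.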
Consult the implementation of protection with In Cloud We Trust
To effectively protect yourself against supply chain attacks in the future, schedule a consultation with us on implementing the Aikido platform. Aikido, as an intelligent malware monitor, automatically compares your dependencies against a continuously updated malware feed. If infected packages are detected (such as axios@1.14.1 or hidden droppers such as plain-crypto-js@4.2.1), Aikido immediately flags them and blocks their installation before they can cause damage.
Why is it worth implementing Aikido with our help?
- Full visibility into code security: Rapid vulnerability analysis, secret scanning, and container protection.
- Automation: Block malicious CI/CD pipelines before infected dependencies are deployed.
- Tailored to your cloud: In Cloud We Trust experts will help integrate Aikido precisely with your AWS, Azure, or GCP ecosystem.
Book a free consultation with an In Cloud We Trust engineer today and start trusting your environment as much as you trust the cloud! Take care of security before the next incident happens.
Sources and further information
- Aikido Security - the original incident announcement and technical malware analysis
- StepSecurity - detailed analysis of the account takeover and attack timeline
- SafeDep - in-depth technical analysis of the payload, obfuscation, and RAT
- GitHub issue #10604 - incident report in the axios repository
FAQ
Which axios versions contain malware?
The malicious versions are axios@1.14.1 and axios@0.30.4. Both have been removed from the npm registry. The safe versions are axios@1.14.0 and axios@0.30.3. If your project downloaded an infected version before npm intervened, you should assume system compromise.
How can I check whether my project is infected?
Run: npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4" and check for the presence of the node_modules/plain-crypto-js directory. On macOS, look for the file /Library/Caches/com.apple.act.mond; on Windows, %PROGRAMDATA%\wt.exe; on Linux, /tmp/ld.py. You will find details and SHA hashes in the article's IOC section.
What is Aikido Safe Chain and how does it protect against supply chain attacks?
Aikido Safe Chain is a free, open-source wrapper for npm/yarn/pnpm that verifies packages in real time. By default, it blocks packages newer than 48 hours. In the axios attack, the plain-crypto-js@4.2.1 dropper was only 18 hours old — Safe Chain would have blocked it automatically.
Which other npm packages were infected in this attack?
In addition to axios, the same malware is spreading through the packages @shadanai/openclaw (versions 2026.3.28-2, 2026.3.28-3, 2026.3.31-1, 2026.3.31-2) and @qqbrowser/openclaw-qbot (version 0.0.130). Both deliver the same RAT payload through the same C2.
What is a RAT and how does it work in the context of the axios attack?
A RAT (Remote Access Trojan) is malware that gives the attacker remote access to an infected machine. In this attack, the RAT is installed via a postinstall script, communicates with the C2 server every 60 seconds, and allows command execution, running binaries, and file enumeration. After installation, the dropper automatically covers its tracks.