Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
#Vulnerabilities

Security Reporter

Popular HTTP client Axios compromised through npm account takeover, injecting malicious dependency that deploys cross-platform RAT across macOS, Windows, and Linux systems.

The popular HTTP client Axios has suffered a sophisticated supply chain attack after two newly published versions introduced a malicious dependency that deploys a cross-platform remote access trojan (RAT) across macOS, Windows, and Linux systems.

Attack Timeline and Method

On March 31, 2026, versions 1.14.1 and 0.30.4 of Axios were published using compromised npm credentials belonging to the primary maintainer "jasonsaayman." The attack injected "plain-crypto-js" version 4.2.1 as a fake dependency, which contained the malicious payload.

The timeline reveals careful staging:

  • March 30, 05:57 UTC: Clean version of "plain-crypto-js" published
  • March 30, 23:59 UTC: Malicious "plain-crypto-js@4.2.1" published
  • March 31, 00:21 UTC: Axios 1.14.1 published with malicious dependency
  • March 31, 01:00 UTC: Axios 0.30.4 published with malicious dependency

Cross-Platform RAT Deployment

The malware employs an obfuscated Node.js dropper that branches into three attack paths based on the operating system:

macOS Attack Path:

  • Runs AppleScript payload to fetch trojan binary from "sfrclak.com:8000"
  • Saves as "/Library/Caches/com.apple.act.mond"
  • Makes executable and launches via /bin/zsh
  • Deletes AppleScript file after execution

Windows Attack Path:

  • Locates PowerShell binary path
  • Copies to "%PROGRAMDATA%\wt.exe" (disguising as Windows Terminal)
  • Writes and executes Visual Basic Script in temp directory
  • VBScript fetches PowerShell RAT script from same server
  • Deletes downloaded file after execution

Linux Attack Path:

  • Uses Node.js execSync to fetch Python RAT script
  • Saves to "/tmp/ld.py"
  • Executes in background using nohup command

Each platform sends distinct POST bodies to the same C2 URL: packages.npm.org/product0 (macOS), packages.npm.org/product1 (Windows), packages.npm.org/product2 (Linux).

Forensic Evasion Techniques

The malware implements sophisticated cleanup measures:

  • Removes postinstall script from installed package directory
  • Deletes package.json references to postinstall hook
  • Renames package.md to package.json (clean manifest without malicious hook)

This switching of package manifests helps avoid detection during post-infection inspection.

Impact and Affected Systems

With over 83 million weekly downloads, Axios is one of the most widely used HTTP clients in the JavaScript ecosystem across frontend frameworks, backend services, and enterprise applications. The attack demonstrates how a single compromised npm account can affect millions of systems globally.

Detection and Mitigation

Users should take immediate action:

Detection Steps:

  • Check for malicious Axios versions (1.14.1 or 0.30.4)
  • Look for RAT artifacts:
    • "/Library/Caches/com.apple.act.mond" (macOS)
    • "%PROGRAMDATA%\wt.exe" (Windows)
    • "/tmp/ld.py" (Linux)

Mitigation Steps:

  • Downgrade to Axios versions 1.14.0 or 0.30.3
  • Remove "plain-crypto-js" from node_modules directory
  • If RAT artifacts detected, assume compromise and rotate all credentials
  • Audit CI/CD pipelines for runs that installed affected versions
  • Block egress traffic to command-and-control domain "sfrclak[.]com"
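The detection steps above can be automated against a project's lockfile. The following is an added example (not code from the article or from the Axios project) that scans a parsed package-lock.json for the compromised Axios releases and the fake dependency, checks an installed manifest for the post-install sanitisation described earlier, and lists the per-platform RAT artifact paths; the sample lockfile and manifest are constructed, and the `PROGRAMDATA` fallback path is an assumption.

```javascript
// Added example, not code from the article or the Axios project: scan a parsed
// package-lock.json (lockfileVersion 2/3 "packages" map) for the advisory's
// indicators. The lockfile is written before postinstall runs, so it still
// records the dependency and its install-script flag after the dropper
// rewrites the installed package.json.
const MALICIOUS_AXIOS = new Set(["1.14.1", "0.30.4"]);
const FAKE_DEP = "plain-crypto-js";

// Returns finding strings; an empty array means no lockfile indicator was found.
function findLockfileIndicators(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + 13);
    if (name === "axios" && MALICIOUS_AXIOS.has(entry.version)) {
      findings.push(`${path}: axios@${entry.version} is a compromised release`);
    }
    if (entry.dependencies && FAKE_DEP in entry.dependencies) {
      findings.push(`${path}: declares ${FAKE_DEP}, which axios never imports`);
    }
    if (name === FAKE_DEP) {
      findings.push(`${path}: ${FAKE_DEP}@${entry.version} installed`);
    }
  }
  return findings;
}

// True when the lockfile says the package had an install script but the manifest
// now on disk has none: the package.md -> package.json swap the advisory describes.
function manifestLooksSanitised(lockEntry, installedPkgJson) {
  const scripts = installedPkgJson.scripts || {};
  const hasHook = ["preinstall", "install", "postinstall"].some((k) => k in scripts);
  return lockEntry.hasInstallScript === true && !hasHook;
}

// Host artifact paths from the advisory, keyed by process.platform values.
const RAT_ARTIFACTS = {
  darwin: ["/Library/Caches/com.apple.act.mond"],
  win32: [`${process.env.PROGRAMDATA || "C:\\ProgramData"}\\wt.exe`], // fallback path assumed
  linux: ["/tmp/ld.py"],
};
function artifactPathsFor(platform) { return RAT_ARTIFACTS[platform] || []; }

// Constructed sample: an affected install's lockfile and a cleaned manifest.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
  "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
  "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
} };
const SAMPLE_CLEANED_MANIFEST = { name: "plain-crypto-js", version: "4.2.1", main: "index.js" };
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))`; lockfileVersion 1 files, which lack the "packages" map, are not handled.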

Additional Compromised Packages

Socket's analysis identified two additional packages distributing the same malware through vendored dependencies:

  • @shadanai/openclaw (versions 2026.3.28-2, 2026.3.28-3, 2026.3.31-1, 2026.3.31-2)
  • @qqbrowser/openclaw-qbot (version 0.0.130)

In the case of "@qqbrowser/openclaw-qbot@0.0.130", the package ships a tampered "plain-crypto-js@4.2.1" in its node_modules, demonstrating how supply chain attacks can propagate through multiple layers of dependencies.

Security Implications

This attack highlights several critical security concerns:

  1. npm Account Security: The attacker obtained a long-lived classic npm access token for the maintainer's account, enabling direct publication of poisoned versions
  2. CI/CD Bypass: The attack bypassed the GitHub Actions CI/CD pipeline by publishing directly with compromised credentials
  3. Multi-Platform Targeting: Pre-built payloads for three operating systems show sophisticated planning
  4. Forensic Evasion: Self-destruct mechanisms and manifest switching demonstrate advanced attack techniques

Expert Analysis

Security researcher Ashish Kurmi noted: "This was not opportunistic. The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct."

StepSecurity emphasized that "neither malicious version contains a single line of malicious code inside Axios itself. Instead, both inject a fake dependency, plain-crypto-js@4.2.1, a package that is never imported anywhere in the Axios source, whose only purpose is to run a postinstall script that deploys a cross-platform remote access trojan (RAT)."
