Executive Summary
According to a released report by StepSecurity, on 30 March 2026, an unnamed threat actor compromised a npm account associated with the Axios library and published malicious package versions, impacting developers and organizations relying on the dependency. The threat actor introduced backdoored versions of 1.14.1 and 0.30.4 that included a hidden malicious component designed to execute upon installation. This activity primarily affected environments where the compromised versions were downloaded, including developer workstations and CI/CD pipelines. The malicious code deployed a remote access trojan (RAT), enabling unauthorized system access and potential data exfiltration. As of this writing, there is no public reporting of successful exfiltration connected to the malicious versions
Key Findings
- At the time of this publishing, it is unclear who is responsible for this malicious attack with no confirmed threat actor identified.
- The malicious packages contain no direct malicious code within Axios itself, which increases the chances of evading detection.
- The attack leveraged a fake dependency (plain-crypto-js[@]4[.]2[.]1) that is not used anywhere in the Axios source code.
- The malicious dependency executed a post install script acting as a dropper for a cross-platform RAT.
- The RAT targeted macOS, Windows, and Linux Systems, enabling broad impact across developer and enterprise environments.
- It has been discovered since the malicious attack has occurred, Anthropic Claude AI source code has been leaked via a map file in there npm registry that was posted by a user on X.
Indicators of Compromises
StepSecurity has provided a list of IOCs for the malicious npm packages.
Malicious npm Packages
- Axios[@]1[.]14[.]1 · shasum: 2553649f232204966871cea80a5d0d6adc700ca
- Axios[@]0[.]30[.]4 · shasum: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71
- plain-crypto-js[@]4[.]2[.]1 · shasum: 07d889e2dadce6f3910dcbc253317d28ca61c766
Network Indicators
- C2 domain · sfrclak[.]com
- C2 IP · 142[.]11[.]206[.]73
- C2 URL · hxxp[:]//sfrclak[.]com[:]8000/6202033
- C2 POST body (macOS) · packages[.]npm[.]org/product0
- C2 POST body (Windows) · packages[.]npm[.]org/product1
- C2 POST body (Linux) · packages[.]npm[.]org/product2
File System Indicators
- macOS · /Library/Caches/com.apple.act[.]mond
- Windows (persistent) · %PROGRAMDATA%\wt[.]exe
- Windows (temp, self-deletes) · %TEMP%\6202033[.]vbs
- Windows (temp, self-deletes) · %TEMP%\6202033[.]ps1
- Linux · /tmp/ld[.]py
Attacker-Controlled Accounts
- jasonsaayman · compromised legitimate axios maintainer, email changed to ifstap[@]proton[.]me
- nrwise · attacker-created account, nrwise[@]proton[.]me, published plain-crypto-js
Safe Version Reference
- axios@1[.]14[.]0 (safe) · shasum: 7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb
Mitigations
StepSecurity has provided the following community-wide detection and mitigation steps, which are available here for RH-ISAC Core Member security awareness.
