srubin
Staff
March 31, 2026

Technical Tip: How FortiCNAPP protects from the Axios npm supply chain attack and remote access trojan

Description

This article describes a supply chain attack targeting the axios npm package, the most popular JavaScript HTTP client library with over 100 million weekly downloads. On March 31, 2026, two malicious versions (axios@1.14.1 and axios@0.30.4) were published to the npm registry via a compromised maintainer account. The malicious releases inject a hidden dependency on a trojanized package called plain-crypto-js@4.2.1, which deploys a cross-platform remote access trojan (RAT) targeting macOS, Windows, and Linux.

 

The attack was operationally sophisticated: the malicious dependency was pre-staged 18 hours in advance with a clean decoy version to establish publishing history. Both the 1.x and 0.x release branches were poisoned within 39 minutes of each other. The dropper uses a double-layer obfuscation scheme (XOR cipher + reversed Base64), contacts a command-and-control server at sfrclak[.]com:8000, downloads platform-specific second-stage RAT payloads, and then self-destructs by deleting itself and replacing its own package.json with a clean stub to evade forensic detection.

 

The malicious versions were live for approximately 2–3 hours (00:21–03:29 UTC) before npm removed them. Any system that ran npm install during this window and pulled the affected versions should be treated as fully compromised.

Scope

Affected versions:

 

axios (npm):

  • 1.14.1 (malicious – removed from registry).
  • 0.30.4 (malicious – removed from registry).

 

plain-crypto-js (npm):

  • 4.2.1 (malicious RAT dropper – replaced with security-holder stub).
  • 4.2.0 (clean decoy – no malicious payload, published to establish account history).

 

Additional Compromised Packages:

  • @qqbrowser/openclaw-qbot@0.0.130 – includes tampered axios@1.14.1.
  • @shadanai/openclaw (versions 2026.3.31-1, 2026.3.31-2) – vendors plain-crypto-js directly.

 

Safe Versions:

  • axios@1.14.0 (1.x branch).
  • axios@0.30.3 (0.x branch).

 

Advisory IDs:

  • LW-2026-AXIOS-01 – FortiCNAPP internal advisory (axios).
  • LW-2026-PLAINCRYPTOJS-01 – FortiCNAPP internal advisory (plain-crypto-js).
  • GHSA-fw8c-xr5c-95f9 – Embedded Malicious Code via compromised maintainer account (axios).
  • GHSA-2x9r-6wxq-hrr7 – Embedded Malicious Code deploying cross-platform RAT (plain-crypto-js).
  • MAL-2026-2306 – Malicious code in plain-crypto-js.

 

Attack Vector: Supply chain compromise via hijacked npm maintainer account; triggered automatically on npm install via post-install hook.

Potential Impact: Full remote access trojan deployment (macOS, Windows, Linux), credential theft, arbitrary code execution, and lateral movement.

 

Indicators of Compromise (IOCs):

Category          Indicator             Details
Network           C2 Domain             sfrclak[.]com
Network           C2 IP                 142.11.206[.]73
Network           C2 URL                http://sfrclak[.]com:8000/6202033
File (macOS)      RAT Binary            /Library/Caches/com.apple.act.mond
File (Windows)    Persistent artifact   %PROGRAMDATA%\wt.exe
File (Linux)      RAT Script            /tmp/ld.py
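The network indicators above are most useful when run against resolver and proxy logs from the 00:21–03:29 UTC window. The script below is an added example for this article (not FortiCNAPP code): it matches the C2 domain (and any subdomain of it), the C2 IP and the C2 URL host against constructed key=value log lines, and lists the client addresses that contacted the C2. The log layout is an assumption; map the `query`, `dst`, `url` and `client` fields to the names your own logs use.

```python
"""Match DNS and proxy log lines against the network IOCs from the advisory.

Added example for this article, not FortiCNAPP code. The log format below is an
assumed key=value layout; adapt the field names to your own proxy or resolver logs.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Network indicators from the IOC table (refanged so they compare to real log fields).
C2_DOMAIN = "sfrclak.com"
C2_IP = "142.11.206.73"

# Constructed sample lines (not real telemetry): one DNS query, one C2 fetch,
# one benign registry request, and a look-alike domain that must not match.
SAMPLE_LOGS = [
    "2026-03-31T01:02:11Z dns client=10.0.4.17 query=sfrclak.com type=A",
    "2026-03-31T01:02:12Z proxy client=10.0.4.17 dst=142.11.206.73:8000 url=http://sfrclak.com:8000/6202033 status=200",
    "2026-03-31T01:05:40Z proxy client=10.0.4.18 dst=104.16.0.1:443 url=https://registry.npmjs.org/axios status=200",
    "2026-03-31T01:06:00Z dns client=10.0.4.19 query=notsfrclak.com.example type=A",
]


@dataclass
class Hit:
    line_no: int
    client: str
    indicators: list = field(default_factory=list)


def _parse(line):
    """Split 'timestamp source k=v k=v ...' into (source, {k: v})."""
    parts = line.split()
    kv = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return parts[1], kv


def _host_matches(host):
    """True for the C2 domain itself or any subdomain; 'notsfrclak.com' must not match."""
    host = host.lower().rstrip(".")
    return host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)


def scan(lines):
    """Return one Hit per line that touches a C2 indicator, listing every indicator matched."""
    hits = []
    for n, line in enumerate(lines, 1):
        source, kv = _parse(line)
        found = []
        if source == "dns" and _host_matches(kv.get("query", "")):
            found.append(f"dns:{C2_DOMAIN}")
        elif source == "proxy":
            # dst is host:port; compare only the host part against the C2 IP
            dst_host = kv.get("dst", "").rsplit(":", 1)[0]
            if dst_host == C2_IP:
                found.append(f"ip:{C2_IP}")
            url = urlsplit(kv.get("url", ""))
            if url.hostname and _host_matches(url.hostname):
                found.append(f"url-host:{C2_DOMAIN}")
        if found:
            hits.append(Hit(n, kv.get("client", "?"), found))
    return hits


def affected_clients(hits):
    """Sorted, de-duplicated list of client addresses to isolate and rebuild."""
    return sorted({h.client for h in hits})


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for h in hits:
        print(f"line {h.line_no}: client {h.client} matched {', '.join(h.indicators)}")
    print("affected clients:", affected_clients(hits))
```

Matching is done on parsed host fields rather than a substring search so that a look-alike such as `notsfrclak.com` is not flagged while `cdn.sfrclak.com` would be; a client that appears in `affected_clients` should be handled under the rebuild-and-rotate guidance in the Solution section.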

 

In-depth information can be found at:

Solution

FortiCNAPP automatically detects affected packages found in user environments via the Vulnerability Management Component and Code Security Component. FortiCNAPP will also detect Potentially Compromised Hosts and alert via Composite Alerts.

 

To mitigate this vulnerability, users of affected packages should immediately downgrade to safe versions and audit their environments for indicators of compromise.

 

Immediate remediation:

 

# for 1.x users
npm install axios@1.14.0

# for 0.x users
npm install axios@0.30.3

 

Pin versions and prevent transitive resolution to malicious releases:

 

Add to package.json (JSON does not allow comments; "overrides" is read by npm and "resolutions" by Yarn):

{
  "dependencies": { "axios": "1.14.0" },
  "overrides": { "axios": "1.14.0" },
  "resolutions": { "axios": "1.14.0" }
}

 

Remove the malicious dependency and enforce lockfile integrity:

 

rm -rf node_modules/plain-crypto-js
npm ci --ignore-scripts

 

Check for RAT artifacts on affected systems:

 

# macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED"

# Linux
ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED"

# Windows (cmd.exe)
dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED

 

Block C2 traffic at the network/DNS layer:

 

# Block via firewall (Linux)
iptables -A OUTPUT -d 142.11.206.73 -j DROP

# Block via /etc/hosts (macOS/Linux)
echo "0.0.0.0 sfrclak.com" >> /etc/hosts

 

Note: If any RAT artifact is found, treat the system as fully compromised. Do not attempt to clean in place—rebuild from a known-good state. Rotate all credentials on any system where the malicious package ran: npm tokens, AWS access keys, SSH private keys, cloud credentials (GCP, Azure), CI/CD secrets, and any values present in .env files accessible at install time.
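The remediation steps above are manual; the script below is an added example for this article (not FortiCNAPP code) that carries them out as one audit. It walks a package-lock.json (lockfileVersion 1, 2 or 3) for every installed copy of the releases listed under Scope, flags axios specs in package.json that are not pinned to a safe version (a caret range such as ^1.14.0 would have resolved to 1.14.1 while it was live), and checks for the host artifacts from the IOC table. The sample lockfile is constructed; package names, versions and artifact paths are the advisory's.

```python
"""Audit an npm project for the releases named in this advisory and for the host artifacts.

Added example for this article, not FortiCNAPP code. Package names, versions and
artifact paths come from the advisory; the sample lockfile is constructed.
"""
import json
import os
import sys

# Malicious releases from the Scope section. The clean decoy plain-crypto-js@4.2.0 is deliberately absent.
MALICIOUS = {
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": {"4.2.1"},
    "@qqbrowser/openclaw-qbot": {"0.0.130"},
    "@shadanai/openclaw": {"2026.3.31-1", "2026.3.31-2"},
}
# Exact versions the advisory calls safe; anything else (including caret ranges) is flagged.
SAFE = {"axios": {"1.14.0", "0.30.3"}}
# Host artifacts from the IOC table, keyed by sys.platform.
ARTIFACTS = {
    "darwin": ["/Library/Caches/com.apple.act.mond"],
    "linux": ["/tmp/ld.py"],
    "win32": [os.path.join(os.environ.get("PROGRAMDATA", r"C:\ProgramData"), "wt.exe")],
}

# Constructed lockfile (lockfileVersion 3): a caret range on axios resolved to the
# malicious patch release, which in turn pulled in the trojanized dependency.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1", "dependencies": {"plain-crypto-js": "4.2.1"}},
        "node_modules/plain-crypto-js": {"version": "4.2.1", "hasInstallScript": True},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
}


def _walk_v1(deps, prefix, out):
    """lockfileVersion 1 nests dependencies; recurse so nested copies are not missed."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        version = meta.get("version", "")
        if version in MALICIOUS.get(name, ()):
            out.append((path, name, version))
        _walk_v1(meta.get("dependencies", {}), path + "/", out)


def lockfile_findings(lock):
    """Return (install path, name, version) for every installed copy of a malicious release."""
    findings = []
    if "packages" in lock:  # lockfileVersion 2 or 3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project itself
                continue
            # scoped names keep their "@scope/" prefix after the last "node_modules/"
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            version = meta.get("version", "")
            if version in MALICIOUS.get(name, ()):
                findings.append((path, name, version))
    else:  # lockfileVersion 1
        _walk_v1(lock.get("dependencies", {}), "", findings)
    return findings


def unpinned_specs(package_json):
    """Flag axios specs that are not an exact safe version in any section npm or Yarn consults."""
    out = []
    for section in ("dependencies", "devDependencies", "overrides", "resolutions"):
        for name, spec in package_json.get(section, {}).items():
            if name in SAFE and spec not in SAFE[name]:
                out.append((section, name, spec))
    return out


def artifact_findings(platform=sys.platform, exists=os.path.exists):
    """Paths from the IOC table that exist on this host; any hit means rebuild, do not clean."""
    return [p for p in ARTIFACTS.get(platform, []) if exists(p)]


if __name__ == "__main__":
    project = sys.argv[1] if len(sys.argv) > 1 else None
    if project:
        with open(os.path.join(project, "package-lock.json")) as f:
            lock = json.load(f)
        with open(os.path.join(project, "package.json")) as f:
            pkg = json.load(f)
    else:
        lock, pkg = SAMPLE_LOCK, SAMPLE_LOCK["packages"][""]
    for path, name, version in lockfile_findings(lock):
        print(f"MALICIOUS  {name}@{version} at {path}")
    for section, name, spec in unpinned_specs(pkg):
        print(f"UNPINNED   {section}.{name} = {spec!r}; pin to one of {sorted(SAFE[name])}")
    for path in artifact_findings():
        print(f"ARTIFACT   {path} present; treat host as compromised")
```

Run it with a project directory as the only argument to audit that project's package-lock.json and package.json, or with no argument to see the findings on the constructed sample. The lockfile walk reports every installed copy, including nested ones, because a clean top-level axios does not rule out a transitive copy of plain-crypto-js@4.2.1 deeper in the tree.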