Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Axios Supply Chain Attack Deploys Malicious Dependency via npm

SocketSecurity’s CEO Feross urges developers to use verified safe versions immediately.

Written By Kenrodgers Fabian
Fact Checked by Divya Mistry
Published 2026-03-31
Make The Crypto Times preferred on GoogleGoogle
Share
Axios Supply Chain Attack Deploys Malicious Dependency via npm

Key Highlights

  • Malicious versions of Axios were published with hidden code enabling remote system control.
  • The supply chain attack on Axios spread via compromised npm accounts, affecting millions of weekly downloads.
  • Attackers used fake packages like plain-crypto-js to target apps built on Axios across Windows, Mac, and Linux.

A supply chain attack has hit Axios, a widely used JavaScript HTTP client, putting projects around the world at risk. Versions 1.14.1 and 0.30.4 of Axios include a malicious package, plain-crypto-js@4.2.1, that can run commands on affected systems, steal data, and remain hidden on computers. 

With more than 100 million downloads every week, the vulnerability affects a wide range of applications, from frontend frameworks to backend services. Feross, CEO of SocketSecurity, confirmed on X that the attack is active and warned developers to stick to safe, verified versions immediately.

🚨 CRITICAL: Active supply chain attack on axios — one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios…

— Feross (@feross) March 31, 2026

The malicious Axios update did not follow the usual GitHub release process. The compromised versions have no corresponding repository tags, suggesting the attacker bypassed normal publishing checks. At first, Axios maintainers could not revoke access, exposing weaknesses in token security and publishing controls. 

The attacker hijacked the lead maintainer’s npm account, jasonsaayman, and manually published the malicious versions using the npm command line, avoiding the standard release pipeline. Feross warned, “Check your lockfiles, not your disk,” pointing out that the malware deletes itself after installation, leaving no visible trace.

How the attack works

The malicious package plain-crypto-js hides its code using a two-step encryption process. It first reverses Base64-encoded strings and then applies a custom cipher to mask module names, commands, and file paths. When installed, a script called setup.js detects the operating system and delivers platform-specific malware. 

On macOS, it installs a hidden RAT disguised as an Apple system file. Windows machines get a hidden PowerShell script, while Linux systems are infected through a Python script. All versions connect to the same server, sfrclak[.]com, letting attackers stay in control.

Furthermore, two other packages, “@shadanai/openclaw” and “@qqbrowser/openclaw-qbot,” were also found to be distributing the same malware. The packages either contained the malicious plain crypto-js or contained tampered Axios packages. This indicates that a compromised dependency could spread quickly to several packages.

Developer action and broader context

Developers should immediately check their projects for axios@1.14.1, axios@0.30.4, and plain-crypto-js@4.2.1. Any affected packages should be removed or rolled back, and credentials should be changed to prevent further risks. 

This attack is similar to recent PyPI incidents, like LiteLLM, where malicious releases exposed 500,000 user accounts. Supply chain attacks have also targeted cryptocurrency platforms, with attackers misusing cloud credentials, showing how easily sensitive code, cloud systems, and infrastructure can be compromised.

The Axios compromise highlights the growing danger of dependency attacks in modern software. Beyond tightening publishing controls, organizations should use automated scanning and rotate credentials regularly to reduce the risk of cascading breaches.

Also Read: Google Warns Quantum Threat to Bitcoin is Approaching Faster Than Expected

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Cryptocurrency
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

LAB Breaks Silence After 70% Token Crash, Cites Heavy Selling Wrong Content
LAB Breaks Silence After 70% Token Crash, Cites Heavy Selling
Bitcoin Bottom Building as ETF Demand Slowly Returns: Glassnode
Bitcoin Bottom Building as ETF Demand Slowly Returns: Glassnode
Zapper Fi to Shut Down on August 3 After Seven-Year Run
Zapper Fi to Shut Down on August 3 After Seven-Year Run
SpaceX-Linked Bitcoin Wallet Moves BTC for First Time Since IPO
SpaceX-Linked Bitcoin Wallet Moves BTC for First Time Since IPO
ZachXBT Raises Fresh Liquidity Concerns After AscendEX Exit
ZachXBT Raises Fresh Liquidity Concerns After AscendEX Exit

Find Us on Socials

You may also like

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

Robinhood Chain Tops $100 Million TVL a Week After Launch

Robinhood Chain Tops $100 Million TVL a Week After Launch

ICP Founder Says the Nakamoto Coefficient Matters More Than Node Count

ICP Founder Says the Nakamoto Coefficient Matters More Than Node Count

$6M Lazy Summer Exploit Traces Back to November's Stream Finance Collapse

$6M Lazy Summer Exploit Traces Back to November’s Stream Finance Collapse

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information