Key Highlights
- Malicious versions of Axios were published with hidden code enabling remote system control.
- The supply chain attack on Axios spread via compromised npm accounts, affecting millions of weekly downloads.
- Attackers used fake packages like plain-crypto-js to target apps built on Axios across Windows, Mac, and Linux.
A supply chain attack has hit Axios, a widely used JavaScript HTTP client, putting projects around the world at risk. Versions 1.14.1 and 0.30.4 of Axios include a malicious package, plain-crypto-js@4.2.1, that can run commands on affected systems, steal data, and remain hidden on computers.
With more than 100 million downloads every week, the vulnerability affects a wide range of applications, from frontend frameworks to backend services. Feross, CEO of SocketSecurity, confirmed on X that the attack is active and warned developers to stick to safe, verified versions immediately.
The malicious Axios update did not follow the usual GitHub release process. The compromised versions have no corresponding repository tags, suggesting the attacker bypassed normal publishing checks. At first, Axios maintainers could not revoke access, exposing weaknesses in token security and publishing controls.
The attacker hijacked the lead maintainer’s npm account, jasonsaayman, and manually published the malicious versions using the npm command line, avoiding the standard release pipeline. Feross warned, “Check your lockfiles, not your disk,” pointing out that the malware deletes itself after installation, leaving no visible trace.
How the attack works
The malicious package plain-crypto-js hides its code using a two-step encryption process. It first reverses Base64-encoded strings and then applies a custom cipher to mask module names, commands, and file paths. When installed, a script called setup.js detects the operating system and delivers platform-specific malware.
On macOS, it installs a hidden RAT disguised as an Apple system file. Windows machines get a hidden PowerShell script, while Linux systems are infected through a Python script. All versions connect to the same server, sfrclak[.]com, letting attackers stay in control.
Furthermore, two other packages, “@shadanai/openclaw” and “@qqbrowser/openclaw-qbot,” were also found to be distributing the same malware. The packages either contained the malicious plain crypto-js or contained tampered Axios packages. This indicates that a compromised dependency could spread quickly to several packages.
Developer action and broader context
Developers should immediately check their projects for axios@1.14.1, axios@0.30.4, and plain-crypto-js@4.2.1. Any affected packages should be removed or rolled back, and credentials should be changed to prevent further risks.
This attack is similar to recent PyPI incidents, like LiteLLM, where malicious releases exposed 500,000 user accounts. Supply chain attacks have also targeted cryptocurrency platforms, with attackers misusing cloud credentials, showing how easily sensitive code, cloud systems, and infrastructure can be compromised.
The Axios compromise highlights the growing danger of dependency attacks in modern software. Beyond tightening publishing controls, organizations should use automated scanning and rotate credentials regularly to reduce the risk of cascading breaches.
Also Read: Google Warns Quantum Threat to Bitcoin is Approaching Faster Than Expected
