axios Supply Chain Attack — Detection & Remediation
In March 2026, two malicious versions of axios were published to npm:
- axios@1.14.1 (live ~2h 53m)
- axios@0.30.4 (live ~2h 15m)
Both injected a fake dependency plain-crypto-js@4.2.1 that ran a postinstall script deploying a cross-platform remote access trojan (RAT). The malware then deleted itself and replaced its own package.json with a clean decoy to evade detection.
Safe versions: axios@1.14.0 (1.x users) · axios@0.30.3 (0.x users)
Step 1 — Check if the project is affected
Run these checks in the project directory:
```bash
# Check the installed tree and the lock file for a malicious version
npm list axios 2>/dev/null | grep -E '1\.14\.1|0\.30\.4'
grep -A1 axios package-lock.json 2>/dev/null | grep -E '1\.14\.1|0\.30\.4'
grep -A1 'axios@' yarn.lock 2>/dev/null | grep -E '1\.14\.1|0\.30\.4'

# Check whether plain-crypto-js was ever installed
# (its mere presence means the dropper ran; it is never a dependency of legitimate axios)
ls node_modules/plain-crypto-js 2>/dev/null && echo "⚠️ Possibly compromised"
```
If node_modules/plain-crypto-js/ exists, the dropper executed. Because of the anti-forensics package.json swap, npm list may report its version as 4.2.0 rather than 4.2.1; the directory's presence, not the reported version, is the reliable signal.
Step 2 — Check for RAT artifacts on the system
```bash
# macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "⚠️ COMPROMISED (macOS RAT binary)"
# Linux
ls -la /tmp/ld.py 2>/dev/null && echo "⚠️ COMPROMISED (Linux Python RAT)"
# Windows (cmd.exe syntax; in PowerShell use: Test-Path "$env:ProgramData\wt.exe")
dir %PROGRAMDATA%\wt.exe 2>nul && echo COMPROMISED (Windows persistent RAT)
```
On Windows, %PROGRAMDATA%\wt.exe is a persistent copy of PowerShell left behind — it survives package removal and reboots.
Step 3 — Check CI/CD pipeline logs
Search CI run logs for any npm install or npm ci that may have pulled the malicious versions during the window 2026-03-31 00:21 UTC – 2026-03-31 03:15 UTC. Any pipeline run in that window that installed axios should be treated as compromised.
Reading the results
| Finding | Meaning |
|---|---|
| axios@1.14.1 or axios@0.30.4 in lock file | Was exposed; check further |
| node_modules/plain-crypto-js/ exists | Dropper ran — treat as compromised |
| RAT artifact found | System is compromised — rebuild |
| None of the above | No evidence of compromise |
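The three checks above and the verdict table, as an added example in POSIX sh (not code from the original skill). It reads package-lock.json and yarn.lock entry by entry instead of grepping for the version string anywhere in the file, filters CI log lines by the publication window, and maps the findings to SAFE / EXPOSED / COMPROMISED. The AXIOS_CHECK_ROOT variable is a hypothetical knob added here so the artifact paths can be re-rooted onto a scratch directory; the demo project at the end is constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the original skill: POSIX sh helpers that apply
# the indicators from Steps 1-3 to a project directory and to CI log lines.
# Assumptions: sh + awk are available; AXIOS_CHECK_ROOT is a hypothetical
# variable that re-roots the artifact paths so the checks can be exercised
# against a scratch directory instead of the live filesystem.

MALICIOUS_WINDOW_START="2026-03-31T00:21:00Z"
MALICIOUS_WINDOW_END="2026-03-31T03:15:00Z"

# Step 1a: does a lock file resolve axios to 1.14.1 or 0.30.4?
# package-lock.json (v1/v2/v3) and yarn.lock are read entry by entry, so a
# "1.14.1" that belongs to some other package does not produce a false hit.
lockfile_has_bad_axios() {
  dir="$1"
  if [ -f "$dir/package-lock.json" ]; then
    awk '
      /"([^"]*\/)?axios"[ \t]*:[ \t]*\{/ { inblock = 1 }
      inblock && /"version"[ \t]*:/ {
        if ($0 ~ /"(1\.14\.1|0\.30\.4)"/) found = 1
        inblock = 0
      }
      END { exit found ? 0 : 1 }' "$dir/package-lock.json" && return 0
  fi
  if [ -f "$dir/yarn.lock" ]; then
    awk '
      /^"?axios@/ { inblock = 1 }
      inblock && /^[ \t]+version[ \t]/ {
        if ($0 ~ /"(1\.14\.1|0\.30\.4)"/) found = 1
        inblock = 0
      }
      END { exit found ? 0 : 1 }' "$dir/yarn.lock" && return 0
  fi
  return 1
}

# Step 1b: the dropper's package directory. Its presence alone means the
# postinstall hook ran, whatever version its swapped package.json now claims.
dropper_ran() {
  [ -d "$1/node_modules/plain-crypto-js" ]
}

# Step 2: RAT artifacts. Prints the first path found and returns 0; returns 1 if none.
rat_artifact_present() {
  root="${AXIOS_CHECK_ROOT:-}"
  for p in /Library/Caches/com.apple.act.mond /tmp/ld.py "${PROGRAMDATA:-/ProgramData}/wt.exe"; do
    if [ -e "$root$p" ]; then
      echo "$root$p"
      return 0
    fi
  done
  return 1
}

# Step 3: filter CI log lines (stdin) down to npm install / npm ci runs inside
# the publication window. Lines are expected to start with a UTC ISO-8601
# timestamp (YYYY-MM-DDTHH:MM:SSZ), so a plain string comparison orders them.
ci_installs_in_window() {
  awk -v start="$MALICIOUS_WINDOW_START" -v end="$MALICIOUS_WINDOW_END" '
    $1 >= start && $1 <= end && /npm (ci|install)([ \t]|$)/ { print }'
}

# The "Reading the results" table as a function: prints SAFE, EXPOSED or COMPROMISED.
classify_project() {
  dir="$1"
  if dropper_ran "$dir" || rat_artifact_present >/dev/null; then
    echo COMPROMISED
  elif lockfile_has_bad_axios "$dir"; then
    echo EXPOSED
  else
    echo SAFE
  fi
}

# Demo on a constructed scratch project (sample data, not a real project).
demo=$(mktemp -d)
printf '%s\n' '{' '  "packages": {' '    "node_modules/axios": {' \
  '      "version": "1.14.1"' '    }' '  }' '}' > "$demo/package-lock.json"
echo "verdict: $(classify_project "$demo")"   # verdict: EXPOSED
rm -rf "$demo"
```

Run it from the project root (`. ./axios-check.sh; classify_project .`) and pipe a CI log export into `ci_installs_in_window` to list the runs whose secrets need rotating. Note that `classify_project` reports COMPROMISED on the dropper directory or an artifact path even when the lock file looks clean, which matches the table: the lock file only tells you about exposure, the filesystem tells you whether the payload ran.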
Remediation
If no compromise evidence found (precautionary cleanup)
```bash
# 1. Pin to a safe version
npm install axios@1.14.0   # 1.x users
npm install axios@0.30.3   # 0.x users

# 2. Pin to block transitive re-resolution (add to package.json)
#    "overrides":   { "axios": "1.14.0" },
#    "resolutions": { "axios": "1.14.0" }

# 3. Remove plain-crypto-js if present
rm -rf node_modules/plain-crypto-js
npm install --ignore-scripts
```
If compromise is confirmed (RAT artifact found or dropper ran)
Do NOT attempt to clean in place. The system must be treated as fully compromised.
1. Rebuild from a known-good state — do not trust the affected machine
2. Rotate all credentials accessible at install time:
   - npm tokens
   - AWS / GCP / Azure access keys and service account keys
   - SSH private keys
   - .env file secrets (DB passwords, API keys, JWT secrets)
   - CI/CD secrets injected as environment variables
   - GitHub PATs / deployment keys
3. Audit CI/CD — for every pipeline run that installed the malicious version, rotate all secrets that were in scope during that run
4. Block the C2 domain (as a precaution on any potentially exposed network):
```bash
# Linux/macOS — /etc/hosts
echo "0.0.0.0 sfrclak.com" | sudo tee -a /etc/hosts
# Linux firewall
sudo iptables -A OUTPUT -d 142.11.206.73 -j DROP
```
Going forward — prevention
```bash
# In CI/CD, always use --ignore-scripts to block postinstall hooks
npm ci --ignore-scripts
```
Add to package.json to prevent accidental upgrade to malicious range:
```json
{
  "overrides": { "axios": "1.14.0" }
}
```
Consider tools like StepSecurity Harden-Runner for CI/CD network egress monitoring.
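A CI gate that enforces the override above, as an added example (not code from the original skill or from any of the tools it names). It reads the `overrides` block of package.json with awk, which assumes the usual npm formatting of one key per line or a single-line `"overrides": { ... }`; the demo package.json is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the original skill: fail a CI job unless
# package.json pins axios to a safe release via "overrides".
# Assumptions: POSIX sh + awk; package.json is formatted the way npm writes it.

# Prints the axios version pinned under "overrides", or nothing if there is none.
# A plain "dependencies" entry for axios is ignored: only the override counts.
axios_override() {
  awk '
    /"overrides"[ \t]*:/ { inov = 1 }
    inov && /"axios"[ \t]*:/ {
      if (match($0, /"axios"[ \t]*:[ \t]*"[^"]*"/)) {
        s = substr($0, RSTART, RLENGTH)
        sub(/.*:[ \t]*"/, "", s)   # drop the key and opening quote
        sub(/"$/, "", s)           # drop the closing quote
        print s
        exit
      }
    }
    inov && /^[ \t]*\}/ { inov = 0 }   # end of the overrides object
  ' "$1"
}

# Returns 0 when the override is one of the safe versions named on this page.
axios_pin_ok() {
  case "$(axios_override "$1")" in
    1.14.0|0.30.3) return 0 ;;
    *) return 1 ;;
  esac
}

# Demo on a constructed package.json (sample data). In a pipeline step use:
#   axios_pin_ok package.json || { echo "axios is not pinned to a safe version"; exit 1; }
demo=$(mktemp -d)
printf '%s\n' '{' '  "dependencies": { "axios": "^1.14.0" },' \
  '  "overrides": { "axios": "1.14.0" }' '}' > "$demo/package.json"
if axios_pin_ok "$demo/package.json"; then echo "gate: pass"; else echo "gate: FAIL"; fi   # gate: pass
rm -rf "$demo"
```

Pair the gate with `npm ci --ignore-scripts` in the same job: the override stops a fresh resolution from pulling a bad release, and `--ignore-scripts` stops a postinstall hook from running even if one slips through.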
Indicators of Compromise (IOC Reference)
| Type | Value |
|---|---|
| Malicious package | axios@1.14.1 · shasum 2553649f232204966871cea80a5d0d6adc700ca |
| Malicious package | axios@0.30.4 · shasum d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 |
| Malicious dep | plain-crypto-js@4.2.1 · shasum 07d889e2dadce6f3910dcbc253317d28ca61c766 |
| C2 domain | sfrclak.com |
| C2 IP | 142.11.206.73 |
| C2 URL | http://sfrclak.com:8000/6202033 |
| macOS artifact | /Library/Caches/com.apple.act.mond |
| Windows artifact | %PROGRAMDATA%\wt.exe |
| Linux artifact | /tmp/ld.py |
| Safe 1.x version | axios@1.14.0 · shasum 7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb |
Output format
When running a check, produce a structured report:
```
axios security check report
Project: <path or name>
Check date: <date>

Findings
- [ ] axios version in dependencies: <version found or not found>
- [ ] plain-crypto-js in node_modules: <yes/no>
- [ ] macOS RAT artifact: <found/not found>
- [ ] Linux RAT artifact: <found/not found>
- [ ] Windows RAT artifact: <found/not found>

Conclusion
<SAFE | POSSIBLY EXPOSED | COMPROMISED>

Recommended actions
<list specific next steps based on the findings>
```
Skill name: axios-security-check